 VMware fixes bad patch for critical vCenter Server RCE flaw

VMware has released another security update for CVE-2024-38812, a critical VMware vCenter Server remote code execution vulnerability that was not correctly fixed in the first patch from September 2024.

The flaw is rated critical (CVSS v3.1 score: 9.8) and stems from a heap overflow weakness in vCenter's DCE/RPC protocol implementation, impacting the vCenter Server and any products incorporating it, such as vSphere and Cloud Foundation.

The flaw does not require user interaction for exploitation, as remote code execution is triggered when a specially crafted network packet is received.

See more: https://www.bleepingcomputer.com/news/security/vmware-fixes-bad-patch-for-critical-vcenter-server-rce-flaw/

#cybersecurity #security