<div dir="ltr"><div class="gmail-pr-2 gmail-pe-cursor" id="gmail-back-button">
</div><div class="gmail-row gmail-align-items-center gmail-justify-content-start"><div class="gmail-d-flex gmail-align-items-center gmail-col"><p class="ecx-page-title-default gmail-undefined gmail-mb-0"></p>
</div>
</div>
<div class="gmail-card">
<div class="gmail-card-body">
<div class="gmail-row gmail-align-items-center gmail-justify-content-start">
<div class="gmail-col-4">
<div class="gmail-form-group">
<label class="edit-solution-labels" for="status">Product/Component</label>
<p class="edit-solution-text">VMware Cloud Foundation</p>
<a>1 more products</a>
</div>
</div>
</div>
<div class="gmail-row gmail-align-items-center gmail-justify-content-start gmail-mt-3">
<div class="gmail-col-4">
<div class="gmail-form-group">
<label class="edit-solution-labels" for="status">Notification Id</label>
<p class="edit-solution-text">24968</p>
</div>
</div>
<div class="gmail-col-4">
<div class="gmail-form-group">
<label class="edit-solution-labels" for="distribution">Last Updated</label>
<p class="edit-solution-text">17 September 2024</p>
</div>
</div>
<div class="gmail-col-4">
<div class="gmail-form-group">
<label class="edit-solution-labels">Initial Publication Date</label>
<p class="edit-solution-text">17 September 2024</p>
</div>
</div>
</div>
<div class="gmail-row gmail-align-items-center gmail-justify-content-start">
<div class="gmail-col-4">
<div class="gmail-form-group">
<label class="edit-solution-labels" for="status">Status</label>
<p class="edit-solution-text">OPEN</p>
</div>
</div>
<div class="gmail-col-4">
<div class="gmail-form-group">
<label class="edit-solution-labels" for="distribution">Severity</label>
<p class="edit-solution-text">CRITICAL</p>
</div>
</div>
<div class="gmail-col-4">
<div class="gmail-form-group">
<label class="edit-solution-labels">CVSS Base Score</label>
<p class="edit-solution-text">7.5-9.8</p>
</div>
</div>
</div>
<div class="gmail-row gmail-align-items-center gmail-justify-content-start">
<div class="gmail-col-4">
<div class="gmail-form-group">
<label class="edit-solution-labels" for="workAround">WorkAround</label>
<p class="edit-solution-text"></p>
</div>
</div>
<div class="gmail-col-4">
<div class="gmail-form-group">
<label class="edit-solution-labels" for="affectedCve">Affected CVE</label>
<p class="edit-solution-text">CVE-2024-38812, CVE-2024-38813</p>
</div>
</div>
</div>
</div>
</div>
<div class="gmail-card">
<div class="gmail-card-body">
<p style="margin:0in;font-size:16px;font-family:"Calibri",sans-serif"> </p>
<table style="width:65.6546%;height:179.167px" border="1">
<tbody>
<tr style="height:22.3958px">
<td style="width:15.3795%;height:22.3958px"><strong>Advisory ID:</strong> </td>
<td class="gmail-confluenceTd" style="width:84.6309%;height:22.3958px">VMSA-2024-0019</td>
</tr>
<tr style="height:22.3958px">
<td style="width:15.3795%;height:22.3958px"><strong>Severity:</strong></td>
<td style="width:84.6309%;height:22.3958px">Critical</td>
</tr>
<tr style="height:44.7917px">
<td style="width:15.3795%;height:44.7917px"><strong>CVSSv3 Range:</strong></td>
<td class="gmail-confluenceTd" style="width:84.6309%;height:44.7917px">7.5-9.8</td>
</tr>
<tr style="height:22.3958px">
<td style="width:15.3795%;height:22.3958px"><strong>Synopsis:</strong></td>
<td style="width:84.6309%;height:22.3958px">VMware vCenter Server updates address heap-overflow and privilege escalation vulnerabilities (CVE-2024-38812, CVE-2024-38813)</td>
</tr>
<tr style="height:22.3958px">
<td style="width:15.3795%;height:22.3958px"><strong>Issue date:</strong></td>
<td class="gmail-confluenceTd" style="width:84.6309%;height:22.3958px">2024-09-17</td>
</tr>
<tr style="height:22.3958px">
<td style="width:15.3795%;height:22.3958px"><strong>Updated on:</strong></td>
<td class="gmail-confluenceTd" style="width:84.6309%;height:22.3958px">2024-09-17 (Initial Advisory)</td>
</tr>
<tr style="height:22.3958px">
<td style="width:15.3795%;height:22.3958px"><strong>CVE(s)</strong></td>
<td style="width:84.6309%;height:22.3958px">CVE-2024-38812, CVE-2024-38813</td>
</tr>
</tbody>
</table>
<p style="margin:0in;font-size:16px;font-family:"Calibri",sans-serif"> </p>
<h2 id="gmail-VMSA20240019.-1.ImpactedProducts"><strong>1. Impacted Products</strong></h2>
<ul><li>VMware vCenter Server</li><li>VMware Cloud Foundation</li></ul>
<h2 id="gmail-VMSA20240019.-2.Introduction"><strong>2. Introduction</strong></h2>
<p>A heap-overflow vulnerability and a privilege escalation
vulnerability in vCenter Server were responsibly reported to VMware.
Updates are available to remediate these vulnerabilities in affected
VMware products.</p>
<h2 id="gmail-VMSA20240019.-3a.VMwarevCenterServerheap-overflowvulnerability(CVE-2024-38812)PR3404307"><strong>3a</strong><strong>. VMware vCenter Server heap-overflow vulnerability (CVE-2024-38812</strong><strong>) </strong></h2>
<p><strong>Description:<br></strong>The vCenter Server contains a
heap-overflow vulnerability in the implementation of the DCERPC
protocol. VMware has evaluated the severity of this issue to be in the <a class="external-link" href="https://www.vmware.com/support/policies/security_response.html">Critical severity range</a> with a maximum CVSSv3 base score of <a class="external-link" href="https://www.first.org/cvss/calculator/3.1#CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H">9.8</a>.</p>
<p><strong>Known Attack Vectors:<br></strong>A malicious actor with
network access to vCenter Server may trigger this vulnerability by
sending a specially crafted network packet potentially leading to remote
code execution.</p>
<p><strong>Resolution:<br></strong>To remediate CVE-2024-38812 apply the
updates listed in the 'Fixed Version' column of the 'Response Matrix'
below to affected deployments.<br><br><strong>Workarounds:<br></strong>In-product workarounds were investigated, but were determined to not be viable.</p>
<p><strong>Additional Documentation:<br></strong>A supplemental FAQ was created for additional clarification. Please see: <a href="https://bit.ly/vcf-vmsa-2024-0019-qna">https://bit.ly/vcf-vmsa-2024-0019-qna</a></p>
<p><strong>Acknowledgments:<br></strong>VMware would like to thank zbl & srs of team TZL working with the 2024 Matrix Cup contest for reporting this issue to us.</p>
<p><strong>Notes:<br></strong>None.</p>
<h2 id="gmail-VMSA20240019.-3b.VMwarevCenterprivilegeescalationvulnerability(CVE-2024-38813)PR3404315"><strong>3b. VMware vCenter privilege escalation vulnerability </strong><strong>(CVE-2024-38813) </strong></h2>
<p><strong>Description:<br></strong>The vCenter Server contains a privilege escalation vulnerability. VMware has evaluated the severity of this issue to be in the <a class="external-link" href="https://www.vmware.com/support/policies/security_response.html">Important severity range</a> with a maximum CVSSv3 base score of <a class="external-link" href="https://www.first.org/cvss/calculator/3.1#CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H">7.5</a>.</p>
<p><strong>Known Attack Vectors:<br></strong>A malicious actor with
network access to vCenter Server may trigger this vulnerability to
escalate privileges to root by sending a specially crafted network
packet.</p>
<p><strong>Resolution:<br></strong>To remediate CVE-2024-38813 apply the
updates listed in the 'Fixed Version' column of the 'Response Matrix'
below to affected deployments.<br><br><strong>Workarounds:<br></strong>None.</p>
<p><strong>Additional Documentation:<br></strong>A supplemental FAQ was created for additional clarification. Please see: <a href="https://bit.ly/vcf-vmsa-2024-0019-qna">https://bit.ly/vcf-vmsa-2024-0019-qna</a></p>
<p><strong>Acknowledgments:<br></strong>VMware would like to thank zbl & srs of team TZL working with the 2024 Matrix Cup contest for reporting this issue to us.</p>
<p><strong>Notes:<br></strong>None.</p>
<p><strong>Response Matrix: 3a & 3b<br></strong></p>
<table border="1">
<tbody>
<tr>
<td><strong>VMware Product</strong></td>
<td><strong>Version</strong></td>
<td><strong>Running On</strong></td>
<td><strong>CVE</strong></td>
<td><strong>CVSSv3</strong></td>
<td><strong>Severity</strong></td>
<td><strong>Fixed Version</strong></td>
<td><strong>Workarounds</strong></td>
<td><strong>Additional Documentation</strong></td>
</tr>
<tr>
<td>vCenter Server </td>
<td>8.0</td>
<td>Any</td>
<td>CVE-2024-38812, CVE-2024-38813</td>
<td><a class="external-link" href="https://www.first.org/cvss/calculator/3.1#CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H">9.8</a>, <a class="external-link" href="https://www.first.org/cvss/calculator/3.1#CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H">7.5</a></td>
<td>Critical</td>
<td class="gmail-confluenceTd"><a href="https://docs.vmware.com/en/VMware-vSphere/8.0/rn/vsphere-vcenter-server-80u3b-release-notes/index.html">8.0 U3b</a></td>
<td>None</td>
<td><a href="https://bit.ly/vcf-vmsa-2024-0019-qna">FAQ</a></td>
</tr>
<tr>
<td>vCenter Server </td>
<td>7.0</td>
<td>Any</td>
<td>CVE-2024-38812, CVE-2024-38813</td>
<td><a class="external-link" href="https://www.first.org/cvss/calculator/3.1#CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H">9.8</a>, <a class="external-link" href="https://www.first.org/cvss/calculator/3.1#CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H">7.5</a></td>
<td>Critical</td>
<td class="gmail-confluenceTd"><a href="https://docs.vmware.com/en/VMware-vSphere/7.0/rn/vsphere-vcenter-server-70u3s-release-notes/index.html">7.0 U3s</a></td>
<td>None</td>
<td><a href="https://bit.ly/vcf-vmsa-2024-0019-qna">FAQ</a></td>
</tr>
<tr>
<td>VMware Cloud Foundation</td>
<td>5.x</td>
<td>Any</td>
<td>CVE-2024-38812, CVE-2024-38813</td>
<td><a class="external-link" href="https://www.first.org/cvss/calculator/3.1#CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H">9.8</a>, <a class="external-link" href="https://www.first.org/cvss/calculator/3.1#CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H">7.5</a></td>
<td>Critical</td>
<td>Async patch to <a class="external-link" href="https://knowledge.broadcom.com/external/article?legacyId=88287">8.0 U3b</a></td>
<td>None</td>
<td>Async Patching Guide: <a href="https://knowledge.broadcom.com/external/article?legacyId=88287">KB88287</a></td>
</tr>
<tr>
<td>VMware Cloud Foundation</td>
<td>4.x</td>
<td>Any</td>
<td>CVE-2024-38812, CVE-2024-38813</td>
<td><a class="external-link" href="https://www.first.org/cvss/calculator/3.1#CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H">9.8</a>, <a class="external-link" href="https://www.first.org/cvss/calculator/3.1#CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H">7.5</a></td>
<td>Critical</td>
<td>Async patch to <a class="external-link" href="https://knowledge.broadcom.com/external/article?legacyId=88287">7.0 U3s</a></td>
<td>None</td>
<td class="gmail-confluenceTd">Async Patching Guide: <a href="https://knowledge.broadcom.com/external/article?legacyId=88287">KB88287</a></td>
</tr>
</tbody>
</table>
<p> </p>
<h2><strong>4. References:</strong></h2>
<p><strong>Fixed Version(s) and Release Notes:</strong></p>
<p><strong>VMware vCenter Server 8.0 U3b<br></strong>Downloads and Documentation:<br><a href="https://support.broadcom.com/web/ecx/solutiondetails?patchId=5515">https://support.broadcom.com/web/ecx/solutiondetails?patchId=5515</a><br><a href="https://docs.vmware.com/en/VMware-vSphere/8.0/rn/vsphere-vcenter-server-80u3b-release-notes/index.html">https://docs.vmware.com/en/VMware-vSphere/8.0/rn/vsphere-vcenter-server-80u3b-release-notes/index.html</a></p>
<p><strong>VMware vCenter Server 7.0 U3s<br></strong>Downloads and Documentation:<br><a href="https://support.broadcom.com/web/ecx/solutiondetails?patchId=5513">https://support.broadcom.com/web/ecx/solutiondetails?patchId=5513</a><br><a href="https://docs.vmware.com/en/VMware-vSphere/7.0/rn/vsphere-vcenter-server-70u3s-release-notes/index.html">https://docs.vmware.com/en/VMware-vSphere/7.0/rn/vsphere-vcenter-server-70u3s-release-notes/index.html</a></p>
<p><strong>KB Articles:</strong><br>Cloud Foundation 5.x/4.x:<br><a class="external-link" href="https://knowledge.broadcom.com/external/article?legacyId=88287">https://knowledge.broadcom.com/external/article?legacyId=88287</a></p>
<p><strong>Mitre CVE Dictionary Links:<br></strong><span class="gmail-nolink"><a class="external-link" href="https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-38812">https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-38812</a></span><br><span class="gmail-nolink"><a class="external-link" href="https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-38813">https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-38813</a></span></p>
<p><strong>FIRST CVSSv3 Calculator: </strong><br><span class="gmail-nolink">CVE-2024-38812: <a class="external-link" href="https://www.first.org/cvss/calculator/3.1#CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H">https://www.first.org/cvss/calculator/3.1#CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H</a><br>CVE-2024-38813: <a class="external-link" href="https://www.first.org/cvss/calculator/3.1#CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H">https://www.first.org/cvss/calculator/3.1#CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H</a><br></span></p>
<h2><strong>5. Change Log:</strong></h2>
<p><strong>2024-09-17 VMSA-2024-0019<br></strong>Initial security advisory.</p>
<h2 id="gmail-VMSA20240019.-6.Contact:"><strong>6. Contact:</strong></h2>
<p>E-mail: <a class="external-link" href="mailto:vmware.psirt@broadcom.com">vmware.psirt@broadcom.com</a><br><br>PGP key<br>
<a class="external-link" href="https://knowledge.broadcom.com/external/article/321551">https://knowledge.broadcom.com/external/article/321551</a><br><br>VMware Security Advisories<br>
<a class="external-link" href="https://www.broadcom.com/support/vmware-security-advisories">https://www.broadcom.com/support/vmware-security-advisories</a><br><br>VMware External Vulnerability Response and Remediation Policy<br><a class="external-link" href="https://www.broadcom.com/support/vmware-services/security-response">https://www.broadcom.com/support/vmware-services/security-response</a><br><br>VMware Lifecycle Support Phases<br>
<a class="external-link" href="https://support.broadcom.com/group/ecx/productlifecycle">https://support.broadcom.com/group/ecx/productlifecycle</a><br><br>VMware Security Blog<br>
<a class="external-link" href="https://blogs.vmware.com/security">https://blogs.vmware.com/security</a><br><br>X<br><a class="external-link" href="https://x.com/VMwareSRC">https://x.com/VMwareSRC</a></p>
<p>Copyright 2024 Broadcom All rights reserved.</p>
</div>
</div><div><div dir="ltr" class="gmail_signature" data-smartmail="gmail_signature"><div dir="ltr"><div>===</div><div>Computer Security Incident Response Team - CSIRT</div><div>Universidade Estadual de Campinas - Unicamp</div><div>Centro de Computacao - CCUEC</div><div>GnuPG Public Key: <a href="http://www.security.unicamp.br/security.asc" target="_blank">http://www.security.unicamp.br/security.asc</a> [^]</div><div>Contato: +55 19 3521-2289 ou INOC-DBA: 1251*830</div></div></div></div></div>