Article Details
Scrape Timestamp (UTC): 2024-06-18 18:10:53.094
Original Article Text
VMware fixes critical vCenter RCE vulnerability, patch now

VMware has issued a security advisory addressing critical vulnerabilities in vCenter Server, including remote code execution and local privilege escalation flaws.

VMware vCenter Server is a central management platform for VMware vSphere, used to manage virtual machines and ESXi hosts.

Today, the vendor released fixes for three vulnerabilities, CVE-2024-37079, CVE-2024-37080 and CVE-2024-37081, summarized as follows:

The above flaws impact VMware vCenter Server versions 7.0 and 8.0 and VMware Cloud Foundation versions 4.x and 5.x.

Security updates are available in VMware vCenter Server 8.0 U2d, 8.0 U1e, and 7.0 U3r. For Cloud Foundation, patches were published through KB88287.

The vendor says that updating vCenter Server does not affect running workloads or VMs, but the vSphere Client and other management interfaces will be temporarily unavailable during the update.

An issue with custom ciphers was also found in 7.0 U3r (and in U3q). A precheck is recommended to catch the problem, and users can also refer to the corresponding knowledge base article.

The vendor said there are no viable in-product workarounds or mitigations for these vulnerabilities, so the recommended course of action is to apply the updates as soon as possible.

In a FAQ page VMware published alongside the security bulletin, the company says that no active exploitation of the flaws has been detected in the wild so far. However, vCenter flaws are commonly targeted by threat actors once they are disclosed, so admins must apply the updates as soon as possible.
Daily Brief Summary
VMware issued a security advisory for critical vulnerabilities in vCenter Server, including remote code execution and local privilege escalation flaws.
Affected versions include vCenter Server 7.0 and 8.0, along with VMware Cloud Foundation 4.x and 5.x.
Three specific vulnerabilities were addressed: CVE-2024-37079, CVE-2024-37080, CVE-2024-37081.
Updates are available in vCenter Server 8.0 U2d, 8.0 U1e, and 7.0 U3r; Cloud Foundation patches are accessible through KB88287.
VMware states that updating vCenter Server will not impact running workloads or VMs, though temporary unavailability of management interfaces is likely during the upgrade.
No active exploitation of these vulnerabilities has been detected, yet VMware urges updating immediately due to the risk of targeting by threat actors.
The company also identified an issue with custom ciphers in version 7.0 U3r, recommending a precheck.
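As an added example (not code from the article or from VMware), a small inventory triage helper that classifies vCenter release labels against the fixed releases named in the article and restated in the summary above (8.0 U2d, 8.0 U1e, 7.0 U3r). The hostnames and the release mix are constructed; any release line or update train the article does not name is reported for manual verification rather than assumed patched or unaffected.

```python
import re

# Fixed releases named in the article, keyed by (release line, update number);
# the value is the first patched letter suffix within that update train.
FIXED_RELEASES = {
    ("7.0", 3): "r",  # 7.0 U3r
    ("8.0", 1): "e",  # 8.0 U1e
    ("8.0", 2): "d",  # 8.0 U2d
}

_LABEL_RE = re.compile(r"^\s*(\d+\.\d+)\s+U(\d+)([a-z]?)\s*$")

def parse_label(label: str) -> tuple[str, int, str]:
    """Split '8.0 U2c' into ('8.0', 2, 'c'); a bare '7.0 U3' gets letter ''."""
    m = _LABEL_RE.match(label)
    if not m:
        raise ValueError(f"unrecognised vCenter release label: {label!r}")
    line, update, letter = m.groups()
    return line, int(update), letter

def patch_status(label: str) -> str:
    """Classify one release against the fixed releases the advisory lists:
    'patched' (same train, at or past the fixed letter), 'unpatched' (same
    train, earlier or no letter) or 'verify' (a line or train the article does
    not name, such as a newer train or an older line: check the advisory)."""
    line, update, letter = parse_label(label)
    fixed_letter = FIXED_RELEASES.get((line, update))
    if fixed_letter is None:
        return "verify"
    # Within one update train, later letter suffixes supersede earlier ones;
    # the empty string (no letter) sorts before 'a', so a bare U3 is unpatched.
    return "patched" if letter >= fixed_letter else "unpatched"

def triage(inventory: dict[str, str]) -> dict[str, list[str]]:
    """Group hosts by patch status for a {hostname: release label} inventory."""
    groups: dict[str, list[str]] = {}
    for host, label in inventory.items():
        groups.setdefault(patch_status(label), []).append(host)
    return groups

# Constructed sample inventory; hostnames and the mix of releases are made up.
SAMPLE_INVENTORY = {
    "vcsa-prod-01": "8.0 U2d",
    "vcsa-prod-02": "8.0 U2b",
    "vcsa-dr-01": "8.0 U1e",
    "vcsa-lab-01": "7.0 U3q",
    "vcsa-lab-02": "7.0 U3",
    "vcsa-old-01": "6.7 U3",
}

if __name__ == "__main__":
    for status, hosts in sorted(triage(SAMPLE_INVENTORY).items()):
        print(f"{status:10} {', '.join(sorted(hosts))}")
```

Note that 8.0 U2c is newer than 8.0 U1e yet still unpatched, because each update train received its own fix; the helper therefore compares within a train rather than across trains.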