Broadcom first patched the two flaws, CVE-2024-38812 and CVE-2024-38813, on September 17, but in October issued updated patches after admitting its initial fixes 'did not completely address' either vulnerability. In practice that means anyone who applied the September patches needs to patch again.
CVE-2024-38812 is a critical heap-overflow vulnerability rated 9.8 out of 10 on the CVSS scale. An attacker with network access to vCenter Server could send a specially crafted packet to trigger the overflow and potentially execute arbitrary code on the server.
vCenter is a juicy target for crims because it is the tool admins use to manage fleets of virtual machines - and some orgs operate thousands of them.
CVE-2024-38813 is a high-severity privilege escalation vulnerability rated 7.5 on the CVSS scale. An attacker with network access to vCenter Server can exploit it to escalate privileges to root, so the two bugs complement each other: the first gets code running, the second makes sure it runs with full control of the management plane.