Broadcom's initial patches for CVE-2024-38812 and CVE-2024-38813 were insufficient, leading to active exploitation. The company recommends immediate application of new fixes.
CVE-2024-38812 is a serious heap overflow vulnerability in the DCERPC protocol with a CVSS score of 9.8, allowing remote code execution on affected servers.
CVE-2024-38813, with a CVSS score of 7.5, permits privilege escalation to root level via specially crafted packets, which underscores the need to patch urgently.
As there were no viable workarounds for either vulnerability, Broadcom's updates are presented as the only effective solution to secure VMware vCenter.