VMware has released security updates to address critical vulnerabilities in multiple VMware products, including but not limited to Cloud Foundation and vCenter Server. The most severe is CVE-2024-37079 (CVSS 9.8), which is actively exploited in the wild.
Affected Systems and Versions
VMware vCenter Server 7.0 (versions prior to patched release)
VMware vCenter Server 8.0 (versions prior to patched release)
VMware Cloud Foundation 4.x and 5.x
Security Risks
Successful exploitation of these vulnerabilities could result in local privilege escalation, information disclosure, improper authorization and remote code execution on the targeted system.
Recommended Actions
The National Cyber Security Authority (NCSA) strongly recommends that system administrators:
Follow VMware's security advisory (Broadcom VMSA-2024-0012) to lower the risk of potential exploits, protect systems, and ensure their security.