InfoSecBulletin Cybersecurity for mankind
VMware has fixed critical security flaws in Cloud Foundation, vCenter Server, and vSphere ESXi. These flaws could be used for privilege escalation and remote code execution.
Vulnerabilities include:
CVSS 9.6: IBM QRadar & Cloud Pak Security Flaws Exposed
ALERT
Thousands of IP addresses compromised nationwide: CIRT warn
New Android Malware ‘Crocodilus’ Targets Banks in 8 Countries
Qualcomm Patches 3 Zero-Days Used in Targeted Android Attacks
Critical RCE Flaw Patched in Roundcube Webmail
Hacker claim Leak of Deloitte Source Code & GitHub Credentials
CISA Issued Guidance for SIEM and SOAR Implementation
Linux flaws enable password hash theft via core dumps in Ubuntu, RHEL, Fedora
Australia enacts mandatory ransomware payment reporting
Why Govt Demands Foreign CCTV Firms to Submit Source Code?
CVE-2024-37079 & CVE-2024-37080 (CVSS scores: 9.8):
Multiple heap-overflow vulnerabilities in the implementation of the DCE/RPC protocol that could allow an unauthorized individual with network access to vCenter Server to achieve remote code execution by exploiting a specifically crafted network packet.
CVE-2024-37081 (CVSS score: 7.8):
Multiple sudo misconfiguration vulnerabilities in VMware vCenter that an authenticated local user with non-administrative privileges could exploit to obtain root permissions.
QiAnXin LegendSec researchers Hao Zheng and Zibo Li found and reported CVE-2024-37079 and CVE-2024-37080. Matei “Mal” Badanoiu from Deloitte Romania discovered CVE-2024-37081.
The issues in vCenter Server versions 7.0 and 8.0 have been fixed in versions 7.0 U3r, 8.0 U1e, and 8.0 U2d.
Although there are no reports of the vulnerabilities being exploited, it’s important for users to quickly apply the patches due to their critical nature.
