H-ISAC TLP Green Vulnerability Bulletin: Patches Released for Vulnerabilities Affecting VMware Products

Broadcom released an advisory (VMSA-2024-0019) to address a pair of vulnerabilities affecting VMware vCenter Server and VMware Cloud Foundation.

The first vulnerability, tracked as CVE-2024-38812, is the more severe of the two. It is a heap overflow flaw in vCenter's Distributed Computing Environment/Remote Procedure Call (DCERPC) protocol implementation, which an adversary can trigger by sending a maliciously crafted packet to achieve remote code execution.

The second vulnerability, tracked as CVE-2024-38813, is a privilege escalation vulnerability that could allow an adversary to elevate privileges to root by sending a similar type of crafted network packet.

Successful exploitation of either vulnerability requires an adversary to first gain network access to vCenter Server in order to trigger the flaws.

For help with Cybersecurity and Risk Advisory Services exclusively for AHA members, contact:

John Riggi

National Advisor for Cybersecurity and Risk, AHA

jriggi@aha.org

(O) +1 202 626 2272