
Updates issued by VMware for its vCenter Server platform still do not completely address a critical remote code execution vulnerability, tracked as CVE-2024-38812, which was initially identified and exploited at the Matrix Cup hacking competition in China in June, SecurityWeek reports.
The flaw, a heap overflow in the platform’s implementation of the Distributed Computing Environment / Remote Procedure Call (DCE/RPC) protocol, could be leveraged by threat actors with network access to vCenter Server to achieve code execution through a custom network packet, according to VMware, which did not provide additional information about the inadequate fix. However, VMware was able to remediate a high-severity privilege escalation issue in vCenter Server, tracked as CVE-2024-38813, with the recent update. “A malicious actor with network access to vCenter Server may trigger this vulnerability to escalate privileges to root by sending a specially crafted network packet,” said VMware.