SonicWall Details Dangerous RCE Bug in VMware vCenter Server
Cybersecurity researchers at SonicWall have released an in-depth analysis of a critical remote code execution (RCE) vulnerability in VMware vCenter Server. The vulnerability, identified as CVE-2024-38812, is linked to a heap overflow flaw within the DCERPC protocol implementation on this virtualization management platform.
First disclosed in September 2024, this vulnerability received a CVSS score of 9.8, underscoring its severe risk and high potential for exploitation. Affected versions include vCenter Server 8.0U3a, while version 8.0U3b incorporates the essential patches. The vulnerability also impacts VMware Cloud Foundation, as noted in advisory VMSA-2024-0019.
The issue arises from a memory handling error in the rpc_ss_ndr_contiguous_elt() function, allowing an attacker with network access to send specially crafted packets and trigger arbitrary code execution on the server. This vulnerable function may improperly alter memory addresses, creating a pathway to critical areas.
SonicWall experts demonstrated that an attack could leverage network packets with tampered data in the “stub_data” section. These manipulated parameters cause a heap overflow, compromising memory integrity. The most hazardous exploitation aspect involves the memcpy function, which enables the attacker to control the target memory address and data volume copied, heightening the chance of a critical system crash.
VMware’s patch in version 8.0U3b introduces stricter memory boundary checks and limits pointer operations, significantly reducing the exploitation risk. Experts strongly advise organizations using vulnerable versions to upgrade to the patched release without delay.
This vulnerability highlights the importance of timely software updates and regular security audits, particularly for key platforms like VMware vCenter Server. Additional protective measures, including network segmentation, activity monitoring, and regular vulnerability assessments, are also recommended to swiftly detect and mitigate similar threats.
