Audience:

IT Professionals and Managers

Purpose:

An Alert is used to raise awareness of a recently identified cyber threat that may impact cyber information assets, and to provide additional detection and mitigation advice to recipients. The National Security Operations Centre (NSOC) is also available to provide additional assistance regarding the contents of this Alert to recipients as requested.

Overview:

A critical vulnerability (CVE-2024-38812) has been identified in VMware vCenter Server, which could allow an attacker with network access to execute remote code by sending specially crafted packets. This vulnerability is highly exploitable and poses significant security risks to affected systems.

Severity: Critical

CVSS Score: 9.8

Recommendations:

Update Immediately: Apply the latest patches to vCenter Server and VMware Cloud Foundation to mitigate the risk of exploitation.
Review Systems: If your organization is running affected versions, apply the provided patches as soon as possible to protect your systems.

Affected Products:

vCenter Server: Versions prior to 8.0 U3b and 7.0 U3s
VMware Cloud Foundation: Versions 4.x, 5.x