Alert Date

Audience:

IT Professionals and Managers

Purpose:

An Alert is used to raise awareness of a recently identified cyber threat that may impact cyber information assets, and to provide additional detection and mitigation advice to recipients. The National Security Operations Centre (NSOC) is also available to provide additional assistance regarding the contents of this Alert to recipients as requested.

Overview:

A privilege escalation vulnerability (CVE-2024-38813) in VMware vCenter Server could grant attackers root access to affected systems. With root access, an attacker can perform unauthorized administrative actions that could compromise the security and stability of your VMware environment.

Severity: High

CVSS Score: 7.5

Recommendations:

Update Immediately: Apply the latest patches to vCenter Server and VMware Cloud Foundation to mitigate the risk of this vulnerability.
Review Systems: If your organization is running affected versions, apply the patches without delay to prevent potential exploitation.

Affected Products:

vCenter Server: Versions prior to 8.0 U3b and 7.0 U3s
VMware Cloud Foundation: Versions 4.x, 5.x