image credit: Adobe Stock

VMware by Broadcom warns of two critical vCenter flaws, plus a nasty sudo bug

June 18, 2024

VMware by Broadcom has revealed a pair of critical-rated flaws in vCenter Server – the tool used to manage virtual machines and hosts in its flagship Cloud Foundation and vSphere suites.

Announced late on Monday night, Pacific Time, the critical-rated flaws are CVE-2024-37079 and CVE-2024-37080, both of which scored 9.8 on the ten-point Common Vulnerability Scoring System v3 scale.

VMware’s security bulletin describes both of the flaws as “heap-overflow vulnerabilities in the implementation of the DCE/RPC protocol” that mean “A malicious actor with network access to vCenter Server may trigger these vulnerabilities by sending a specially crafted network packet potentially leading to remote code execution.”

Read More on The Register