Yesterday CISA announced the addition of two vulnerabilities in the VMware vCenter Server to their Known Exploited Vulnerabilities (KEV) catalog. The vulnerabilities were previously reported by Broadcom. They were demonstrated by zbl & srs of team TZL at this year's Matrix Cup cybersecurity competition in China.
The two vulnerabilities are:
• Out-of-bounds write - CVE-2024-38812, and
• Improper check for dropped privileges - CVE-2024-38813
CISA has ordered federal agencies using the vCenter Server to apply “mitigations per vendor instructions or discontinue use of the product if mitigations are unavailable.” The deadline for achieving this requirement is December 11th, 2024.