CISA Warns of VMware vCenter Vulnerabilities
CISA issues critical warning on VMware vCenter vulnerabilities. The Cybersecurity and Infrastructure Security Agency (CISA) has alerted organizations to two severe vulnerabilities in VMware’s vCenter Server, identified as CVE-2024-38812 and CVE-2024-38813. The first, CVE-2024-38812, is a heap-based buffer overflow that could allow attackers with network access to execute code remotely, while CVE-2024-38813 enables privilege escalation, granting unauthorized users full administrative control. Although there is no evidence of current exploitation, CISA stresses the urgency of applying VMware’s updates and mitigations before the December 11, 2024 deadline. Organizations are advised to discontinue use of vulnerable products if updates cannot be implemented, as failure to act could lead to significant security breaches.