Emergency Security Bulletin - Updated Patch for Ivanti Vulnerabilities

By: RedLegg's Cyber Threat Intelligence Team

About:

RedLegg will occasionally communicate vulnerabilities released outside the usual release schedule to provide additional value to our customers. These emergency bulletins describe vulnerabilities or threats that we classify at the highest severity level and that warrant out-of-band emergency patching or mitigation action.


VULNERABILITIES

Heap-Overflow Vulnerability in VMware vCenter Server

CVSS Score: 9.8 (Critical)
Identifier: CVE-2024-38812
Exploit or POC: No known public proof of concept has been reported.
Update: CVE-2024-38812 – VMware Security Advisory https://support.broadcom.com/web/ecx/support-content-notification/-/external/content/SecurityAdvisories/0/24968

Description: CVE-2024-38812 is a critical heap-overflow vulnerability in the DCE/RPC protocol implementation of VMware vCenter Server. This vulnerability can be exploited by sending specially crafted network packets, leading to potential remote code execution by an unauthenticated attacker.

Mitigation Recommendation: Patching is currently the only method of mitigation. Please update to the latest software versions listed in the VMware Security Update Guide (https://support.broadcom.com/web/ecx/support-content-notification/-/external/content/SecurityAdvisories/0/24968). Immediate patching is recommended to prevent exploitation.


Privilege Escalation Vulnerability in VMware vCenter Server

CVSS Score: 7.5 (High)
Identifier: CVE-2024-38813
Exploit or POC: No known public proof of concept has been reported.
Update: CVE-2024-38813 – VMware Security Advisory https://support.broadcom.com/web/ecx/support-content-notification/-/external/content/SecurityAdvisories/0/24968

Description: CVE-2024-38813 is a privilege escalation vulnerability in VMware vCenter Server. This flaw allows attackers with network access to escalate privileges to root by sending specially crafted packets, potentially gaining full control over the system.

Mitigation Recommendation: Patching is currently the only method of mitigation. Please update to the latest software versions listed in the VMware Security Update Guide (https://support.broadcom.com/web/ecx/support-content-notification/-/external/content/SecurityAdvisories/0/24968). Apply the patch as soon as possible to prevent escalation attacks.