Critical 9.8-rated VMware vCenter RCE bug exploited after patch fumble

Source: https://www.theregister.com/2024/11/18/vmware_vcenter_rce_exploited/

More info: https://support.broadcom.com/web/ecx/support-content-notification/-/external/content/SecurityAdvisories/0/24968e

https://bit.ly/3Op1x2F - 🔎 Sternum recently reverse-engineered the Wemo Mini Smart Plug V2, a popular device aiding users in remote control of electric devices. A buffer overflow vulnerability, coined as the 'FriendlyName', was discovered which could potentially be used for remote command injection. #Wemo #SmartPlug #CyberSecurity 🔧 Gaining firmware access to the device was a challenge, but through booting into recovery mode and changing the root password, Sternum gained system access. Various tools were then uploaded to the device for debugging purposes. #Firmware #Debugging 🐞 The 'FriendlyName' vulnerability was pinpointed after bypassing app restrictions and identifying the processes handling this variable. However, uncovering the exact source of heap metadata corruption required more in-depth analysis. #Vulnerability #HeapCorruption 🎯 The breaking point was identified via a gdb script tracking down the bug causing heap corruption. Observing the $pc pointer's behaviour during an overflow incident shed light on the potential exploitation of the vulnerability. #Exploit #ROPchains 💻 Sternum exploited the vulnerability using a binary exploitation technique known as ROP chains. Despite limitations due to the Wemo_ctrl loading address and the 80-byte payload size, a successful command injection was achieved through the snprintf() function. #BinaryExploitation #CommandInjection 📬 Sternum disclosed the vulnerability to Belkin via Bugcrowd on January 9th, 2023. However, Belkin responded stating that the device is at the end of its life and will not address the vulnerability. This leaves a potential attack vector open via the Wemo infrastructure. #Disclosure #SecurityAdvisory ⚠️ Users are advised to exercise caution when using Wemo Mini Smart Plug V2 due to the unaddressed 'FriendlyName' vulnerability.

The tracked as CVE-2021-42321 impacts 2016 and Exchange Server 2019, and it is caused by improper validation of cmdlet arguments according to Redmond's cstu.io/a8c120

Netgear Router Security Advisory

Netgear Router Security Advisory #firmware #Router #routers #security #securityadvisory

Netgear Router Security Advisory Netgear has recently issued a security advisory to users of its routers, where unauthenticated web pages can pass form input directly to the command line interface.  A remote attacker can potentially inject arbitrary commands into this form and cause execution of the injected command by the affected system. This notice covers these advisory numbers: VU582384 and…

View On WordPress

Multiple VMware NSX Vulnerabilities Let Attackers Gain Root Access

Source: https://gbhackers.com/multiple-vmware-nsx-vulnerabilities/

More info: https://support.broadcom.com/web/ecx/support-content-notification/-/external/content/SecurityAdvisories/0/25047

VMware Security Flaws Exploited in the Wild—Broadcom Releases Urgent Patches

Source: https://thehackernews.com/2025/03/vmware-security-flaws-exploited-in.html

More info: https://support.broadcom.com/web/ecx/support-content-notification/-/external/content/SecurityAdvisories/0/25390

VMware fixes critical vCenter Server RCE bug – again! (CVE-2024-38812)

Source: https://www.helpnetsecurity.com/2024/10/22/cve-2024-38812-cve-2024-38813-fixed-again/

More info: https://support.broadcom.com/web/ecx/support-content-notification/-/external/content/SecurityAdvisories/0/24968

VMware Issues Patches for Cloud Foundation, vCenter Server, and vSphere ESXi

Source: https://thehackernews.com/2024/06/vmware-issues-patches-for-cloud.html

More info: https://support.broadcom.com/web/ecx/support-content-notification/-/external/content/SecurityAdvisories/0/24453