Broadcom VMware Critical Update - 20240919002 (#994)

* Broadcom VMware Critical Update - 20240919002 * Broadcom VMware Critical Update - 20240919002 * Format markdown docs * Update 20240919002 Attempted removal of slashes during commit --------- Co-authored-by: carel-v98 <carel-v98@users.noreply.github.com> Co-authored-by: JadonWill <117053393+JadonWill@users.noreply.github.com>
wagov · Sep 19, 2024 · ab40378 · ab40378
1 parent 67c22d1
commit ab40378
Showing 1 changed file with 26 additions and 0 deletions.
diff --git a/docs/advisories/20240919002-Broadcom-VMware-Critical-Update.md b/docs/advisories/20240919002-Broadcom-VMware-Critical-Update.md
@@ -0,0 +1,26 @@
+# Broadcom VMware Critical Update - 20240919002
+
+## Overview
+
+Broadcom released security updates to address a critical vulnerability in VMware vCenter Server that could lead to remote code execution.
+
+## What is vulnerable?
+
+| Product(s) Affected     | Version(s)                         | CVE #                              | CVSS v4/v3   | Severity                   |
+| ----------------------- | ---------------------------------- | ---------------------------------- | ------------ | -------------------------- |
+| vCenter Server          | 8.0 < U3b <br> 7.0 < U3s         | [CVE-2024-38812](https://nvd.nist.gov/vuln/detail/CVE-2024-38812) <br> [CVE-2024-38813](https://nvd.nist.gov/vuln/detail/CVE-2024-38813) | 9.8 <br> 7.5 | **Critical** <br> **High** |
+| VMware Cloud Foundation | 5.x < 8.0 U3b <br> 4.x < 7.0 U3s | [CVE-2024-38812](https://nvd.nist.gov/vuln/detail/CVE-2024-38812) <br> [CVE-2024-38813](https://nvd.nist.gov/vuln/detail/CVE-2024-38813) | 9.8 <br> 7.5 | **Critical** <br> **High** |
+
+## What has been observed?
+
+There is no evidence of exploitation affecting Western Australian Government networks at the time of publishing.
+
+## Recommendation
+
+The WA SOC recommends administrators apply the solutions as per vendor instructions to all affected devices within expected timeframe of *48 hrs...* (refer [Patch Management](../guidelines/patch-management.md)):
+
+- Broadcom Advisory: <https://support.broadcom.com/web/ecx/support-content-notification/-/external/content/SecurityAdvisories/0/24968>
+
+## Additional References
+
+- SecurityAffairs article: <https://securityaffairs.com/168536/security/vmware-vcenter-server-cve-2024-38812.html>