菜单
漏洞描述:
VMware vCenter Server 是 VMware 公司提供的一款关键的数据中心管理软件,它提供了 vSphere 虚拟基础架构的集中式管理。IT 管理员可以确保安全性和可用性,简化日常任务,并降低管理虚拟基础架构的复杂性。
具有 vCenter Server 网络访问权限的远程攻击者通过发送特制的网络数据包在 DCERPC 协议实施过程中来触发堆溢出漏洞,从而导致远程代码执行。
影响版本:
vCenter Server 8.0
vCenter Server 7.0
Cloud Foundation (vCenter Server) 5.x
Cloud Foundation (vCenter Server) 4.x
修复建议
目前官方已有可更新版本,建议受影响用户升级至最新版本:
VMware vCenter Server 8.0 U2d
VMware vCenter Server 8.0 U1e
VMware vCenter Server 7.0 U3r
VMware Cloud Foundation 5.x/4.x KB88287
下载和文档:
1、VMware vCenter Server 8.0 U2d:
https://support.broadcom.com/web/ecx/solutiondetails ?patchId=5418
https://docs.vmware.com/en/VMware-vSphere/8.0/rn/vsphere-vcenter-server-80u2d-release-notes/index.html
2、VMware vCenter Server 8.0 U1e:
https://support.broadcom.com/web/ecx/solutiondetails ?patchId=5419
https://docs.vmware.com/en/VMware-vSphere/8.0/rn/vsphere-vcenter-server-80u1e-release-notes/index.html
3、VMware vCenter Server 7.0 U3r:
https://support.broadcom.com/web/ecx/solutiondetails ?patchId=5417
https://docs.vmware.com/en/VMware-vSphere/7.0/rn/vsphere-vcenter-server-70u3r-release-notes/index.html
4、Cloud Foundation 5.x/4.x:
https://knowledge.broadcom.com/external/article?legacyId=88287
参考链接:
https://support.broadcom.com/web/ecx/support-content-notification/-/external/content/SecurityAdvisories/0/24453
粤公网安备 44010402002568号