News from 10/13/2024 – 10/20/2024
Release Notes
| Product | Version | Release Date | |
|---|---|---|---|
| HCX | 4.10.1 | 10/16/24 | Release Notes |
| HCX | 4.9.2 | 10/16/24 | Release Notes |
| HCX | 4.8.3 | 10/16/24 | Release Notes |
| Data Services Manager | 2.1.3 | 10/16/24 | Release Notes |
| vCenter Server (VMSA-2024-0019.2) | 7.0 u3t | 10/21/24 | Release Notes |
| vCenter Server (VMSA-2024-0019.2) | 8.0 u2e | 10/21/24 | Release Notes |
| vCenter Server (VMSA-2024-0019.2) | 8.0 u3d | 10/21/24 | Release Notes |
VCF BOM
| VCF 5.2.1 BOM | | | | |
|---|---|---|---|---|
| Cloud Builder VM | 5.2.1 | 10/09 | 24307856 | Release Notes |
| SDDC Manager | 5.2.1 | 10/09 | 24307856 | Release Notes |
| VMware vCenter Server Appliance | 8.0 U3c | 10/09 | 24305161 | Release Notes |
| VMware ESXi | 8.0 U3b | 09/17 | 24280767 | Release Notes |
| VMware vSAN Witness Appliance | 8.0 U3b | 09/17 | 24280767 | Release Notes |
| VMware NSX | 4.2.1 | 10/09 | 24304122 | Release Notes |
| VMware Aria Suite Lifecycle | 8.18 | 07/23 | 24029603 | Release Notes |
Security Advisory
VMSA-2024-0021 [HIGH][HCX][CVSSv3: 8.8]
CVE(s)
- Authenticated SQL injection in VMware HCX (CVE-2024-38814)
- VMware NSX local privilege escalation vulnerability (CVE-2024-38818)
- VMware NSX content spoofing vulnerability (CVE-2024-38815)
Description:
VMware HCX contains an authenticated SQL injection vulnerability. VMware has evaluated the severity of this issue to be in the Important severity range with a maximum CVSSv3 base score of 8.8. A malicious authenticated user with non-administrator privileges may be able to enter specially crafted SQL queries and perform unauthorized remote code execution on the HCX manager. To remediate CVE-2024-38814, apply the patches listed in the 'Fixed Version' column of the 'Response Matrix' found below. VMware would like to thank Sina Kheirkhah (@SinSinology) of Summoning Team (@SummoningTeam) working with Trend Micro Zero Day Initiative (ZDI) for reporting this issue to us.
Response Matrix:
| Version | CVE | Fixed Version | Workaround |
|---|---|---|---|
| 4.10.x | CVE-2024-38814 | 4.10.1 | None |
| 4.9.x | CVE-2024-38814 | 4.9.2 | None |
| 4.8.x | CVE-2024-38814 | 4.8.3 | None |
Knowledge Base Article
| Subject | KB Article |
|---|---|
| Virtual Machine becomes unresponsive or hangs when the CPU Limit is set to 0 | 380079 |
| ESXi.firewall-restrict-access The Configuration of the ESXi host firewall to restrict access to services running on the host is not as per the recommended value | 380049 |
| VM performance issues due to FC command timeouts and link failures | 380045 |
| Unable to Deploy Virtual Machine Through VMware Aria Automation Due to Missing Image Mapping | 379919 |
| NSX collection notification missed from Notifications icon | 379895 |
| Understanding License Usage for embedded Adapter instances | 379889 |
| Telegraf agent failed to install – "Control channel does not exist or could not be established" | 379851 |
| Operation Management vSAN Configuration widget objects are all empty. | 379838 |
| Location of minion config files on Windows machine | 379823 |
| After migration of Chargeback to Aria Operations, alerts do not show on the Tenant Portal | 379822 |
| Unable to convert a VMware virtual machine snapshot to a memory dump | 379821 |
| Error resolving "<Support Tunnel FQDN>": Temporary failure in name resolution (EAI_AGAIN) | 379786 |
| NSX-T Edge Upgrade fails to download the nub bundle | 379765 |
| Troubleshooting NSX IPSEC VPN | 379731 |
| ESXi fails with PSOD Panic Message: @BlueScreen: NMI IPI: Panic requested by another PCPU. RIPOFF(base) | 379711 |
| Broken management channel on port 1234 resulting in datapath impacts | 379698 |
| Powered off VMS with snapshots are not showing under reclaim | 379680 |
| HCX is not migrating or passing traffic over network extensions at expected speeds | 379617 |
| Host status 'unknown' in vLCM | 379607 |
| Unable to apply vSphere license to ESXi hosts | 379600 |
| VMs are not showing in discovered state | 379588 |
| Is it possible to transfer Nvidia GPU graphics profiles between vms? | 379573 |

