VMware vCenter released a new security advisory (VMSA-2019-0010) detailing two Linux Kernel vulnerabilities in TCP selective acknowledgment (CVE-2019-11477, CVE-2019-11478). These vulnerabilities can lead to a denial of service attack causing your network's performance to degrade or crash altogether.
VMware's security advisory lists the following two vulnerabilities which affect a variety of VMware products:
- CVE-2019-11477 - SACK Panic - A sequence of SACKs may be crafted such that one can trigger an integer overflow, leading to a kernel panic. VMware has evaluated the severity of this issue to be in the Important severity range with a maximum CVSSv3 base score of 7.5.
- CVE-2019-11478 - SACK Excess Resource Usage - a crafted sequence of SACKs will fragment the TCP retransmission queue, causing resource exhaustion. VMware has evaluated the severity of this issue to be in the Moderate severity range with a maximum CVSSv3 base score of 5.3.
Attackers will need access to an affected system and be able to send traffic before being able to exploit the vulnerability. If an attacker is able to exploit the vulnerability, your network will experience issues similar to a conventional denial of service attack. This means that your network's performance will suffer significantly or go down all together preventing anyone in your environment from using it.
Discover Outdated vCenter Servers
Lansweeper retrieves detailed information from vCenter servers and the virtual environments they manage. With the custom color-coded vulnerability audit, you can tell you in no time which vCenter servers have an outdated build and need to be patched as soon as possible. The specific patches for your vCenter server appliance can be found by taking a look at the response matrix of the VMware security advisory.
If you haven't already, start your free Lansweeper trial and get a report of all vulnerable devices in no time.