In a bid to fortify its virtualization infrastructure, VMware has released security updates for a severe vulnerability in vCenter Server. The flaw, tracked as CVE-2023-34048 with a CVSS score of 9.8, is an out-of-bounds write in the implementation of the DCE/RPC protocol.
CVE-2023-34048
According to VMware’s advisory, a malicious actor with network access to vCenter Server could exploit CVE-2023-34048 to trigger an out-of-bounds write, potentially leading to remote code execution. Grigory Dorodnov of Trend Micro Zero Day Initiative is credited with discovering and reporting the vulnerability.
Notably, VMware emphasized that there are no workarounds to mitigate this vulnerability, underscoring the importance of prompt action. Security updates have been released covering various versions of the software. Affected versions include VMware vCenter Server 8.0 (8.0U1d or 8.0U2), VMware vCenter Server 7.0 (7.0U3o), and VMware Cloud Foundation 5.x and 4.x.
Recognizing the gravity of the situation and the potential risks associated with the flaw, VMware has extended its efforts by providing a patch for vCenter Server 6.7U3, 6.5U3, and VCF 3.x. This comprehensive approach aims to ensure that a broader range of users can fortify their systems against any exploitation stemming from this vulnerability.
CVE-2023-34056
In tandem with addressing CVE-2023-34048, VMware’s latest update also tackles another vulnerability, CVE-2023-34056, with a CVSS score of 4.3. This vulnerability is a partial information disclosure flaw affecting the vCenter Server. It could potentially enable a threat actor with non-administrative privileges to gain unauthorized access to sensitive data.
In a FAQ section, VMware has clarified that there is no evidence of in-the-wild exploitation of these vulnerabilities. However, as a proactive measure, the company strongly urges its customers to promptly apply the provided patches to mitigate any potential threats. This swift response underscores VMware’s commitment to the security of its virtualization services, ensuring users can operate in a secure and resilient digital environment.