25 October 2023

VMware warns of a dangerous vCenter Server RCE bug


Virtualization services provider VMware has released security updates to fix a critical vulnerability in vCenter Server that could result in remote code execution on impacted systems.

Tracked as CVE-2023-34048, the flaw is an out-of-bounds write issue in the DCERPC protocol implementation. A remote unauthenticated attacker can send a specially crafted RPC request to the vCenter Server, trigger an out-of-bounds write, and execute arbitrary code on the target system.

VMware said that there are no workarounds to mitigate the vulnerability and urged customers to update to the fixed software versions: VMware vCenter Server 8.0 (8.0U1d or 8.0U2), VMware vCenter Server 7.0 (7.0U3o), and VMware Cloud Foundation 5.x and 4.x.

Furthermore, due to the severity of the flaw, the vendor released a patch for end-of-life products, including vCenter Server 6.7U3, 6.5U3, and VCF 3.x. For the same reasons, VMware has made additional patches available for vCenter Server 8.0U1.

Besides CVE-2023-34048, the company patched a low-severity bug (CVE-2023-34056) that allows a remote user to gain unauthorized access to sensitive information.

Earlier this month, VMware warned of the existence of a proof-of-concept (PoC) exploit for a recently patched security flaw (CVE-2023-34051) in Aria Operations for Logs.

Separately, a PoC exploit has been made available for a Citrix NetScaler vulnerability (CVE-2023-4966, aka Citrix Bleed), which has been exploited as a zero-day flaw since August 2023.
