VMware vCenter Server contains critical out-of-bounds write vulnerability
Key Information
- Vendor
- VMware
- Status
- VMware vCenter Server
- VMware Cloud Foundation (VMware vCenter Server)
- CVE Published:
- 25 October 2023
Summary
The articles discuss CVE-2023-34048, a critical out-of-bounds write vulnerability in VMware vCenter Server that can potentially lead to remote code execution. The Chinese espionage group UNC3886 has exploited it since late 2021. The attackers used the vulnerability to gain unauthorized access to vCenter systems, then exploited other VMware flaws to execute arbitrary commands and transfer files. The potential impact is severe, because the flaw allows attackers to gain privileged access to systems and compromise them. VMware has released patches to address the vulnerability, and users are advised to update to the latest version. This case highlights the importance of timely patching and security vigilance against advanced cyber threats.
CISA Reported
CISA provides regional cyber and physical services to support security and resilience across the United States. CISA monitors the most dangerous vulnerabilities and has identified CVE-2023-34048 as being exploited, but it is not known by CISA to be used in ransomware campaigns. This is subject to change at pace, as recent news articles suggest the vulnerability is being used by ransomware groups.
CISA's recommendation is: Apply mitigations per vendor instructions or discontinue use of the product if mitigations are unavailable.
Affected Version(s)
VMware vCenter Server < 8.0U2
VMware vCenter Server < 7.0U3o
VMware Cloud Foundation (VMware vCenter Server) = 5.x
News Articles
VMware critical RCE vulnerability in vCenter Server identified in $2.5 million Chinese zero day competition
There is no workaround for the critical CVE, which is one of a pair of bugs which let attackers carry out remote code execution or escalate privileges.
1 month ago
Prolonged exploitation of VMware zero-day conducted by Chinese hackers
Attacks exploiting a critical out-of-bounds write zero-day vulnerability in VMware vCenter Server, tracked as CVE-2023-34048, have been deployed by Chinese cyberespionage operation UNC3886 since 2021, two years before the flaw was identified and addressed, reports The Hacker News.
3 months ago
CISA adds VMware bug CVE-2023-34048 to its catalog
The U.S. CISA has added a VMware vCenter Server Out-of-Bounds Write bug, tracked as CVE-2023-34048, to its Known Exploited Vulnerabilities (KEV) catalog. In October 2023, VMware addressed the flaw CVE-2023-34048 with a CVSS score of 9.8. On January 18, 2024, revealing that it is aware of exploitation “...
9 months ago
EPSS Score
5% chance of being exploited in the next 30 days.
Timeline
- Exploit exists.
- Vulnerability started trending.
- First article discovered by SystemTek.
- Vulnerability published.
- Vulnerability reserved.