Very High
CVE-2023-34048
CVE-2023-34048
Description
vCenter Server contains an out-of-bounds write vulnerability in the implementation of the DCERPC protocol. A malicious actor with network access to vCenter Server may trigger an out-of-bounds write potentially leading to remote code execution.
Add Assessment
Technical Analysis
Critical out-of-bounds write vuln in vCenter Server and Cloud Foundation. While we haven’t looked at this in-depth, VMware’s advisory indicates that it’s been exploited in the wild, and they took the unusual step of patching several end-of-life versions of vCenter Server:
While VMware does not mention end-of-life products in VMware Security Advisories, due to the critical severity of this vulnerability and lack of workaround VMware has made a patch generally available for vCenter Server 6.7U3, 6.5U3, and VCF 3.x. For the same reasons, VMware has made additional patches available for vCenter Server 8.0U1.
The vuln requires network access to exploit, for whatever that’s worth at this point in threat-land. Typical skepticism on ease/reliability of exploitation applies given that this is a memory corruption vuln, but with that said, vCenter is a high-value target for skilled and motivated threat actors, including ransomware groups. vCenter Server customers should heed the FAQ advice and patch on an emergency basis.
Edit: Mandiant has published technical information revealing that this vuln has apparently been exploited since 2021 by UNC3886, a China-nexus threat actor. So it is 0day after all.
CVSS V3 Severity and Metrics
General Information
Vendors
- vmware
Products
- vcenter server,
- vcenter server 7.0,
- vcenter server 8.0
Exploited in the Wild
References
