Attacker Value: Very High (1 user assessed)
Exploitability: Unknown (1 user assessed)
User Interaction: None
Privileges Required: None
Attack Vector: Network

CVE-2023-34048

Disclosure Date: October 25, 2023
Exploited in the Wild

Description

vCenter Server contains an out-of-bounds write vulnerability in the implementation of the DCERPC protocol. A malicious actor with network access to vCenter Server may trigger an out-of-bounds write potentially leading to remote code execution.

Technical Analysis

Critical out-of-bounds write vuln in vCenter Server and Cloud Foundation. While we haven’t looked at this in-depth, VMware’s advisory indicates that it’s been exploited in the wild, and they took the unusual step of patching several end-of-life versions of vCenter Server:

"While VMware does not mention end-of-life products in VMware Security Advisories, due to the critical severity of this vulnerability and lack of workaround VMware has made a patch generally available for vCenter Server 6.7U3, 6.5U3, and VCF 3.x. For the same reasons, VMware has made additional patches available for vCenter Server 8.0U1."

The vuln requires network access to exploit, for whatever that’s worth at this point in threat-land. Typical skepticism on ease/reliability of exploitation applies given that this is a memory corruption vuln, but with that said, vCenter is a high-value target for skilled and motivated threat actors, including ransomware groups. vCenter Server customers should heed the FAQ advice and patch on an emergency basis.

Edit: Mandiant has published technical information revealing that this vuln has apparently been exploited since 2021 by UNC3886, a China-nexus threat actor. So it is 0day after all.

CVSS V3 Severity and Metrics
Base Score: 9.8 Critical
Impact Score: 5.9
Exploitability Score: 3.9
Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Attack Vector (AV): Network
Attack Complexity (AC): Low
Privileges Required (PR): None
User Interaction (UI): None
Scope (S): Unchanged
Confidentiality (C): High
Integrity (I): High
Availability (A): High

General Information

Vendors

  • vmware

Products

  • vcenter server
  • vcenter server 7.0
  • vcenter server 8.0
