VMware vCenter Server Multiple Vulnerabilities
Multiple vulnerabilities were identified in VMware vCenter Server. A remote attacker could exploit some of these vulnerabilities to trigger sensitive information disclosure and remote code execution on the targeted system.
Note:
For CVE-2023-34048, a malicious actor with network access to vCenter Server may use this vulnerability to trigger an out-of-bounds write potentially leading to remote code execution. The CVE-2023-34048 vulnerability is being exploited in the wild.
[Updated on 2024-01-22]
The CVE-2023-34048 vulnerability is being exploited in the wild. Hence, the risk level is rated from Medium Risk to High Risk.
RISK: High Risk
TYPE: Servers – Network Management
Impact
- Information Disclosure
- Remote Code Execution
System / Technologies affected
- VMware vCenter Server 7.0 and 8.0
- VMware Cloud Foundation 4.x and 5.x
Solutions
Before installation of the software, please visit the software manufacturer web-site for more details.
- Apply fixes issued by the vendor:
https://www.vmware.com/security/advisories/VMSA-2023-0023.html
Vulnerability Identifier
Source
Related Link
A considerable amount of time and effort goes into maintaining this website, creating backend automation and creating new features and content for you to make actionable intelligence decisions. Everyone that supports the site helps enable new functionality.
If you like the site, please support us on “Patreon” or “Buy Me A Coffee” using the buttons below
To keep up to date follow us on the below channels.