
Virtual Alarm: VMware Issues Major Security Advisory

VMware vCenter Servers need immediate patch against critical RCE bug as race against threat actors begins.

DARKReading
#vulnerability #rce #vmware #auth

VMware urged customers to update vCenter Server against a critical flaw, rated CVSS 9.8, that could lead to remote code execution (RCE).

The vCenter Server flaw, tracked as CVE-2023-34048, could allow an attacker with network access to trigger an out-of-bounds write, the VMware advisory explained. “vCenter Server contains an out-of-bounds write vulnerability in the implementation of the DCERPC protocol,” the vendor added.

The vCenter Server platform is used for managing vSphere installations in hybrid cloud environments.

John Gallagher, vice president with Viakoo Labs, characterized the bug in a statement as “serious as it gets,” because it’s both dangerous and impacts VMware vCenter Servers, which are widely used across a variety of organizations and industry sectors.

“The reason for it having a severity score of 9.8 is in how it devastates the entire CIA Triad of confidentiality, integrity, and availability,” Gallagher explained. “Successful exploit of this CVE gives complete access to the environment, and enables remote code execution for further exploitation.”

Another sure sign of the severity is VMware taking the unusual step of offering up patches for old versions, Mayuresh Dani, security research manager at Qualys, explained in a statement.

“The fact that VMware released patches for end of life (EOL) versions that are affected by this vulnerability speaks to how critical it is, since EOL software seldom gets patched,” Dani added.

The advisory said patches will be issued for vCenter Server 6.7U3, 6.5U3, and VCF 3.x, as well as vCenter Server 8.0U1.

Second Patch for VMware Cloud Foundation

An additional flaw was reported by VMware in its VMware Cloud Foundation, but this bug, tracked as CVE-2023-34056, has been assigned a less urgent CVSS score of 4.3. The vulnerability could allow an unauthorized user to access data, the advisory explained.

Both flaws were responsibly reported by researchers, VMware added in its advisory. However, as organizations rush to patch, there will be an inevitable “window of vulnerability” for threat actors to take advantage of unpatched systems, Gallagher added.

“Organizations using vCenter Server should ensure they have a current inventory of its usage, and a plan to patch,” Gallagher advised. “Mitigation for this directly appears limited, but using network access control and monitoring might catch lateral movement once a threat actor uses this to gain a foothold.”
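A starting point for the inventory-and-patch-plan step Gallagher describes is to compare each vCenter Server's reported build number against the first build that carries the fix, keyed by version line, since builds are only comparable within a line and the EOL 6.5/6.7 lines received their own patches. The script below is an added example, not code from the article or from VMware: the inventory rows are constructed, and the build numbers in PATCHED_BUILDS are assumed placeholders that must be replaced with the fixed builds listed in VMware's advisory for CVE-2023-34048 before the output is trusted.

```python
"""Triage a vCenter Server inventory against per-version-line patched builds.

Added example (not from the DarkReading article or VMware). PATCHED_BUILDS
holds ASSUMED placeholder values: substitute the fixed build numbers from
VMware's advisory for CVE-2023-34048 / CVE-2023-34056 before relying on it.
"""
import re

# Version line -> first build number that includes the fix. ASSUMED values,
# for illustration only; builds from different lines are NOT comparable
# (a 7.0 build can exceed an 8.0 build), so the table is keyed by line.
PATCHED_BUILDS = {
    "8.0": 22385739,
    "7.0": 22357613,
    "6.7": 22509723,  # EOL line that still received a patch
    "6.5": 22499743,  # EOL line that still received a patch
}

# Constructed inventory: host,version,build as a CMDB export or as returned
# by each appliance's GET /api/appliance/system/version would provide it.
INVENTORY = """\
# host,version,build
vcsa-prod-01.example.internal,8.0.2.00000,22385739
vcsa-prod-02.example.internal,8.0.1.00300,22088981
vcsa-lab-01.example.internal,7.0.3.01700,22357613
vcsa-legacy-01.example.internal,6.7.0.54000,21194128
vcsa-oddball.example.internal,5.5.0,1312298
"""


def version_line(version):
    """Return the major.minor line ('8.0') from a version string like '8.0.2.00000'."""
    m = re.match(r"^(\d+\.\d+)", version.strip())
    if not m:
        raise ValueError("unparseable vCenter version: %r" % version)
    return m.group(1)


def assess(version, build):
    """Classify one appliance: 'patched', 'vulnerable', or 'unknown-line'.

    'unknown-line' means the advisory table has no entry for this line;
    such hosts need manual review rather than being silently skipped.
    """
    fixed = PATCHED_BUILDS.get(version_line(version))
    if fixed is None:
        return "unknown-line"
    return "patched" if int(build) >= fixed else "vulnerable"


def triage(inventory_text):
    """Parse CSV-ish inventory text into {host: status}, ignoring comments/blanks."""
    results = {}
    for raw in inventory_text.splitlines():
        line = raw.strip()
        if not line or line.startswith("#"):
            continue
        host, version, build = [f.strip() for f in line.split(",")]
        results[host] = assess(version, build)
    return results


def hosts_needing_action(inventory_text):
    """Sorted hosts that are vulnerable or on a line the table does not cover."""
    return sorted(h for h, s in triage(inventory_text).items() if s != "patched")


if __name__ == "__main__":
    for host, status in sorted(triage(INVENTORY).items()):
        print("%-32s %s" % (host, status))
```

Feed the script a real export and the advisory's build numbers; anything reported as unknown-line (here the 5.5 host) is deliberately surfaced for manual review rather than dropped, because an unlisted line is exactly the kind of host that falls out of the patch plan.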

Related news

VMware Issues Patches for Cloud Foundation, vCenter Server, and vSphere ESXi

VMware has released updates to address critical flaws impacting Cloud Foundation, vCenter Server, and vSphere ESXi that could be exploited to achieve privilege escalation and remote code execution. The list of vulnerabilities is as follows - CVE-2024-37079 & CVE-2024-37080 (CVSS scores: 9.8) - Multiple heap-overflow vulnerabilities in the implementation of the DCE/RPC protocol that could

Chinese Hackers Silently Weaponized VMware Zero-Day Flaw for 2 Years

An advanced China-nexus cyber espionage group previously linked to the exploitation of security flaws in VMware and Fortinet appliances has been linked to the abuse of a critical vulnerability in VMware vCenter Server as a zero-day since late 2021. "UNC3886 has a track record of utilizing zero-day vulnerabilities to complete their mission without being detected, and this latest example further

Urgent: VMware Warns of Unpatched Critical Cloud Director Vulnerability

VMware is warning of a critical and unpatched security flaw in Cloud Director that could be exploited by a malicious actor to get around authentication protections. Tracked as CVE-2023-34060 (CVSS score: 9.8), the vulnerability impacts instances that have been upgraded to version 10.5 from an older version. "On an upgraded version of VMware Cloud Director Appliance 10.5, a malicious actor with

October 2023: back to Positive Technologies, Vulristics updates, Linux Patch Wednesday, Microsoft Patch Tuesday, PhysTech VM lecture

Hello everyone! October was an interesting and busy month for me. I started a new job, worked on my open source Vulristics project, and analyzed vulnerabilities using it. Especially Linux vulnerabilities as part of my new Linux Patch Wednesday project. And, of course, analyzed Microsoft Patch Tuesday as well. In addition, at the end of […]

Update vCenter Server now! VMWare fixes critical vulnerability

VMWare has issued an update to address out-of-bounds write and information disclosure vulnerabilities in its server management software, vCenter Server. (Malwarebytes Labs)

Act Now: VMware Releases Patch for Critical vCenter Server RCE Vulnerability

VMware has released security updates to address a critical flaw in the vCenter Server that could result in remote code execution on affected systems. The issue, tracked as CVE-2023-34048 (CVSS score: 9.8), has been described as an out-of-bounds write vulnerability in the implementation of the DCE/RPC protocol. "A malicious actor with network access to vCenter Server may trigger an out-of-bounds