CVE-2023-34048 has been described as an out-of-bounds write issue related to the implementation of the DCERPC protocol. It can allow an attacker who has network access to vCenter Server to remotely execute arbitrary code.
The issue, discovered by Grigory Dorodnov of Trend Micro’s Zero Day Initiative, was deemed so critical that VMware decided to release patches in October even for versions of the product that have reached an end-of-life (EoL) status.
VMware has now updated its initial security advisory to inform customers that it has confirmed exploitation of CVE-2023-34048 in the wild.
[...]
VMware vCenter Server Vulnerability Exploited in Wild
VMware vCenter Server Vulnerability Exploited in Wild
-
rbc
- President
- Posts: 291
- Joined: Mon Oct 30, 2023 1:32 am
- Location: Vicksburg, MS
- ISC2 Member Status: Yes
- Contact:
VMware vCenter Server Vulnerability Exploited in Wild
Robert B. Carleton + ISC2 Central Mississippi President