January 19, 2024 at 06:12AM
VMware warns of CVE-2023-34048, a critical vCenter Server vulnerability exploited in the wild. The issue, an out-of-bounds write related to the DCERPC protocol implementation, allows remote code execution by an attacker with network access. VMware released patches in October, even for end-of-life versions. Exploitation has been confirmed, with potentially hundreds of exposed instances. CISA lists 21 VMware product flaws in its Known Exploited Vulnerabilities catalog.
From the meeting notes, the following key points can be highlighted:
1. CVE-2023-34048, a critical vCenter Server vulnerability patched in October 2023, is being actively exploited in the wild, allowing attackers to remotely execute arbitrary code.
2. The vulnerability was discovered by Grigory Dorodnov of Trend Micro's Zero Day Initiative and was deemed so critical that VMware decided to release patches in October even for versions of the product that have reached end-of-life status.
3. VMware has confirmed the exploitation of CVE-2023-34048. No specific information on attacks exploiting the vCenter Server vulnerability is available at the time of writing, but hundreds of potentially vulnerable internet-exposed instances of VMware vCenter Server currently exist.
4. There is no public PoC exploit available, but technical details have been available since early December.
5. VMware products are often targeted by malicious actors, and the Known Exploited Vulnerabilities catalog maintained by the US security agency CISA currently includes 21 VMware product flaws.
Related reports include recommendations from CISA to patch exploited Roundcube and VMware flaws, along with advisories from VMware urging customers to patch critical vulnerabilities in Aria Automation and VMware Cloud Director Appliance.