VMware fixes critical code execution flaw in vCenter Server

October 25, 2023 at 05:06AM

VMware has released security updates to address a critical vulnerability in vCenter Server that can be exploited for remote code execution attacks. The vulnerability (CVE-2023-34048) can be exploited remotely by unauthenticated attackers without user interaction. VMware has made patches available for affected products, including end-of-life versions. Administrators are advised to control network access and apply the necessary patches. VMware has also patched another vulnerability (CVE-2023-34056) that could be exploited for partial information disclosure.

Key Takeaways:

– VMware has issued security updates to address a critical vulnerability in vCenter Server that could lead to remote code execution attacks.
– The vulnerability (CVE-2023-34048) was reported by Grigory Dorodnov of Trend Micro’s Zero Day Initiative and is related to an out-of-bounds write weakness in vCenter’s DCE/RPC protocol implementation.
– Unauthenticated attackers can exploit this vulnerability remotely, without user interaction.
– VMware has provided security patches through standard update mechanisms for vCenter Server, including for end-of-life products.
– There is no workaround available for this vulnerability, so strict network perimeter access controls are recommended.
– Specific network ports (2012/tcp, 2014/tcp, and 2020/tcp) are linked to potential exploitation of this vulnerability.
– In addition, VMware has patched a partial information disclosure vulnerability (CVE-2023-34056) that could allow threat actors with non-administrative privileges to access sensitive data on vCenter servers.
– Organizations are advised to consider these updates as emergency changes and consult with their information security staff for the appropriate action.
– VMware has previously addressed other high-severity security flaws in vCenter Server, as well as patched a zero-day in ESXi and a critical flaw in the Aria Operations for Networks analytics tool.
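
To check that the recommended perimeter controls are actually in effect, the following added example (not from the original article or from VMware) audits flow records for traffic reaching the three listed ports from outside the management networks. The vCenter address, the management CIDRs and the log format are assumptions, and the sample records are constructed.

```python
import ipaddress

# Ports the summary above ties to CVE-2023-34048 (all TCP).
VCENTER_PORTS = {2012, 2014, 2020}

# Assumptions for this example: the vCenter address and the admin networks
# that are allowed to reach it.
VCENTER_IP = ipaddress.ip_address("10.20.0.5")
MGMT_NETS = [ipaddress.ip_network("10.20.0.0/24"), ipaddress.ip_network("10.99.1.0/28")]

# Constructed sample flow records (assumed format): time src dst proto dport action
SAMPLE_FLOWS = """\
2023-10-25T09:00:01Z 10.20.0.17 10.20.0.5 tcp 2012 ALLOW
2023-10-25T09:00:04Z 10.50.3.8 10.20.0.5 tcp 2014 ALLOW
2023-10-25T09:00:09Z 198.51.100.23 10.20.0.5 tcp 2020 DENY
2023-10-25T09:00:12Z 10.50.3.8 10.20.0.5 tcp 443 ALLOW
2023-10-25T09:00:15Z 10.50.3.8 10.20.0.5 udp 2012 ALLOW
2023-10-25T09:00:20Z 10.99.1.3 10.20.0.5 tcp 2020 ALLOW
malformed line
"""

def audit_flows(text):
    """Return (exposed, blocked) flows to the listed ports from outside MGMT_NETS."""
    exposed, blocked = [], []
    for line in text.splitlines():
        parts = line.split()
        if len(parts) != 6:
            continue  # skip malformed records
        ts, src, dst, proto, dport, action = parts
        try:
            src_ip, dst_ip, port = ipaddress.ip_address(src), ipaddress.ip_address(dst), int(dport)
        except ValueError:
            continue  # unparseable address or port
        if dst_ip != VCENTER_IP or proto.lower() != "tcp" or port not in VCENTER_PORTS:
            continue  # not traffic to the ports of interest
        if any(src_ip in net for net in MGMT_NETS):
            continue  # expected administrative traffic
        (exposed if action.upper() == "ALLOW" else blocked).append((ts, src, port))
    return exposed, blocked

if __name__ == "__main__":
    exposed, blocked = audit_flows(SAMPLE_FLOWS)
    for ts, src, port in exposed:
        print(f"EXPOSED  {ts} {src} -> {VCENTER_IP}:{port}/tcp (perimeter rule gap)")
    for ts, src, port in blocked:
        print(f"BLOCKED  {ts} {src} -> {VCENTER_IP}:{port}/tcp (control working)")
```

Any EXPOSED entry marks a source outside the management networks that a firewall rule still lets through to an unpatched vCenter Server.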
