VMware vCenter Flaw So Critical, Patches Released for End-of-Life Products

October 25, 2023 at 09:21AM

Virtualization vendor VMware has issued an urgent warning about a critical remote code execution flaw in its vCenter Server and VMware Cloud Foundation (VCF) products. An attacker with network access to vCenter Server could exploit the flaw to execute code on the appliance. VMware has released patches for the affected products, including versions that have already reached end of life. A second, moderate-severity flaw that could expose data to users who should not be able to read it was fixed at the same time. Users are advised to apply the patches promptly; VMware has said no in-product workaround exists, so until patching is done the practical mitigation is to restrict network access to the vCenter management interfaces. In a separate advisory, VMware alerted users to an authentication bypass flaw in VMware Aria Operations for Logs and urged immediate patching of the affected appliance.

Key Takeaways:

1. VMware has disclosed a critical remote code execution flaw affecting vCenter Server and VMware Cloud Foundation.
2. The vulnerability, tracked as CVE-2023-34048, allows an attacker with network access to vCenter Server to achieve remote code execution.
3. The bug is an out-of-bounds write in vCenter Server's implementation of the DCE/RPC protocol and carries a CVSSv3 base score of 9.8/10.
4. Because of the severity, VMware released patches even for end-of-life products such as vCenter Server 6.7U3 and 6.5U3 and VCF 3.x, alongside the fix for vCenter Server 8.0U1. Asynchronous vCenter Server patches for VCF 5.x and 4.x are also available.
5. A second, moderate-severity flaw, CVE-2023-34056, was fixed in the same release and could result in partial information disclosure.
6. An attacker holding non-administrative privileges on vCenter Server could exploit CVE-2023-34056 to read data they are not authorized to access; VMware urges users to apply the available updates without delay.
7. In a separate advisory, VMware highlighted security issues in VMware Aria Operations for Logs.
8. That advisory covers an authentication bypass flaw, tracked as CVE-2023-34051, for which exploit code has already been published online.
9. CVE-2023-34051 could allow an unauthenticated attacker to inject files into the appliance's operating system, leading to remote code execution.
10. The maximum CVSSv3 base score for the VMware Aria Operations for Logs vulnerability is 8.1/10.
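The vCenter patch list above spans four release trains, and an estate with a mix of 8.0, 7.0 and end-of-life 6.x appliances needs to know which ones still sit below the fixed release. The script below is an added example, not VMware's code or anything from the original article: it parses vCenter version tags in the form used on this page ("8.0U1c", "7.0 Update 3o") and flags the ones that predate the fix for CVE-2023-34048. The per-train fixed releases in `FIXED_RELEASES` are an assumption taken from my reading of VMware's advisory, and the host inventory is a constructed sample; verify the fixed-release table against the advisory for your trains before acting on the output.

```python
import re

# Earliest release on each vCenter Server train that carries the fix for
# CVE-2023-34048, keyed by (major, minor) train and then by Update number.
# ASSUMPTION: these values are my reading of VMware's advisory for this flaw;
# check them against the advisory before relying on this script.
FIXED_RELEASES = {
    (8, 0): {1: "d", 2: ""},   # 8.0U1d, or any 8.0U2 build
    (7, 0): {3: "o"},          # 7.0U3o
    (6, 7): {3: "w"},          # 6.7U3w (end-of-life train, still patched)
    (6, 5): {3: "v"},          # 6.5U3v (end-of-life train, still patched)
}

# Accepts "8.0", "8.0U1c", "7.0u3o" and "7.0 Update 3o".
_VERSION_RE = re.compile(
    r"^(\d+)\.(\d+)\s*(?:u(?:pdate)?\s*(\d+)\s*([a-z])?)?$", re.I
)


def parse_version(text):
    """Turn a vCenter version tag into (major, minor, update, letter)."""
    m = _VERSION_RE.match(text.strip())
    if not m:
        raise ValueError(f"unrecognised vCenter version string: {text!r}")
    major, minor, update, letter = m.groups()
    return int(major), int(minor), int(update or 0), (letter or "").lower()


def patch_status(text):
    """Classify one version tag as 'patched', 'vulnerable' or 'unknown-train'."""
    major, minor, update, letter = parse_version(text)
    fixes = FIXED_RELEASES.get((major, minor))
    if fixes is None:
        return "unknown-train"          # train not covered by the table
    if update > max(fixes):
        return "patched"                # newer Update line than any listed fix
    required_letter = fixes.get(update)
    if required_letter is None:
        return "vulnerable"             # Update line older than the first fix
    # Same Update line: the patch letter must be at or past the fixed one.
    return "patched" if letter >= required_letter else "vulnerable"


def triage(inventory):
    """inventory: host -> version tag. Returns hosts that still need the patch."""
    return sorted(
        host for host, ver in inventory.items() if patch_status(ver) == "vulnerable"
    )


# Constructed sample inventory (hypothetical host names, not real systems).
SAMPLE_INVENTORY = {
    "vcsa-prod-01": "8.0U1c",
    "vcsa-prod-02": "8.0U2",
    "vcsa-lab-01": "7.0U3n",
    "vcsa-legacy-01": "6.7U3",
    "vcsa-legacy-02": "6.5U3v",
}

if __name__ == "__main__":
    for host, ver in SAMPLE_INVENTORY.items():
        print(f"{host:16} {ver:14} {patch_status(ver)}")
    print("needs patch:", ", ".join(triage(SAMPLE_INVENTORY)))
```

The comparison works on the Update number and patch letter rather than on build numbers, because that is the form VMware uses in its release notes and the form on this page; a host reporting an "unknown-train" result (for example a 5.5 or 6.0 appliance) is out of support entirely and should be treated as exposed rather than as safe.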
