January 22, 2024 at 05:12PM A critical VMware vulnerability, CVE-2023-34048, was exploited by a Chinese APT, UNC3886, since late 2021 as a zero-day. The group utilized this to gain remote code-execution capabilities and compromise ESXi hosts. Organizations must ensure patching was effective, as many may still be vulnerable due to various challenges in deploying patches. … Read more
January 22, 2024 at 06:12AM Mandiant reports that a Chinese cyberespionage group exploited a zero-day vulnerability in VMware vCenter Server (CVE-2023-34048) since 2021. The flaw allows remote code execution and was actively exploited, with evidence suggesting a sophisticated China-linked group, UNC3886, as responsible. VMware released patches and urged customers to apply them promptly. Key Takeaways … Read more
January 19, 2024 at 11:38AM Summary: A Chinese hacking group exploited a vCenter Server vulnerability (CVE-2023-34048) as a zero-day since late 2021, using it to breach targets’ servers, escalate privileges, and exfiltrate files. The group, UNC3886, also targeted Fortinet firewall devices with a zero-day. Its preferred targets include defense, government, telecom, and tech sectors in … Read more
January 19, 2024 at 06:12AM VMware warns of CVE-2023-34048, a critical vCenter Server vulnerability exploited in the wild. The issue, an out-of-bounds write problem related to DCERPC protocol implementation, allows remote code execution with network access. VMware released patches in October, even for end-of-life versions. The exploitation has been confirmed, with potentially hundreds of exposed … Read more
October 25, 2023 at 03:40PM VMware has advised customers to update their vCenter Servers due to a critical flaw that could result in remote code execution. The flaw, assigned a high severity score of 9.8, allows for an out-of-bounds write vulnerability in the DCERPC protocol. It is considered a serious threat to the confidentiality, integrity, … Read more
October 25, 2023 at 09:21AM Virtualization technology leader VMware has issued an urgent warning about a critical remote code execution flaw in its vCenter Server and VMware Cloud Foundation products. The vulnerability allows attackers with network access to execute remote code. VMware has released patches for the affected products, including older versions. Additionally, a moderate-severity … Read more
October 25, 2023 at 12:33AM VMware has disclosed a critical vulnerability in its vCenter Server, along with a patch to fix it. The vulnerability, known as CVE-2023-34048, allows a malicious actor with network access to trigger an out-of-bounds write and potentially execute remote code. VMware has also released patches for unsupported versions of the software. … Read more