WARNING: Two new vulnerabilities in VMware vCenter Server

Published: 25/10/2023

Reference:
Advisory #2023-129

Version:
1.0

Affected software:
VMware Cloud Foundation (VMware vCenter Server) versions 4.x and 5.x
VMware vCenter Server versions 7.0 and 8.0

Type:
Remote Code Execution, Partial Information Disclosure

CVE/CVSS:
CVE-2023-34048 - 9.8 (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H)
CVE-2023-34056 - 4.3 (CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N)

Sources

https://www.vmware.com/security/advisories/VMSA-2023-0023.html

Risks

The critical vulnerability affecting VMware vCenter Server has a HIGH impact on Confidentiality, Integrity, and Availability. No user interaction is required to exploit this vulnerability and the attack complexity is low.

VMware is not currently aware of exploitation “in the wild.”

Description

CVE-2023-34048: Out-of-Bounds Write Vulnerability

VMware vCenter Server is affected by an out-of-bounds write vulnerability in the implementation of the DCERPC protocol.

An attacker with network access to vCenter Server can trigger an out-of-bounds write that can potentially lead to remote code execution.

CVE-2023-34056: Partial Information Disclosure

VMware vCenter Server contains a partial information disclosure vulnerability.

An attacker with non-administrative privileges to vCenter Server may leverage this issue to access unauthorized data.

Recommended Actions

The Centre for Cyber Security Belgium strongly recommends that system administrators visit VMware’s software download pages and install the patched versions of this software.

References

https://via.vmw.com/vmsa-2023-0023-qna

https://nvd.nist.gov/vuln/detail/CVE-2023-34048

https://nvd.nist.gov/vuln/detail/CVE-2023-34056