VMware vCenter Server Vulnerability Exploited in Wild - Patch Now!
To be fair, this has been patched since October 2023. However, there is definite evidence that the vulnerability is being exploited in the wild. Also, NEVER, NEVER, NEVER expose your vCenter Server management interface to the Internet.
CVE-2023-34048 is an out-of-bounds write vulnerability in vCenter Server's implementation of the DCERPC protocol. It enables attackers with network access to the vCenter Server to execute arbitrary code remotely.
Grigory Dorodnov from Trend Micro’s Zero Day Initiative discovered this issue. Due to its severity, VMware issued patches in October, even for product versions that had already reached their end-of-life (EoL) status.
VMware has since updated its initial security advisory, confirming that CVE-2023-34048 has been exploited in the wild.
As of this writing, specific details about the attacks exploiting the vCenter Server vulnerability are not available.
While there seems to be no public Proof of Concept (PoC) exploit, technical information about the vulnerability has been accessible since early December.
Data from the Shadowserver Foundation indicates that several hundred potentially vulnerable VMware vCenter Server instances are currently exposed to the Internet.