
VMware vCenter Server Vulnerability Exploited in Wild - Patch Now!

Brandon Lee

To be fair, this has been patched since October 2023. However, there is definite evidence the vulnerability is being exploited in the wild. Also, NEVER NEVER NEVER expose your vCenter Server management interface to the Internet. 

CVE-2023-34048 is identified as an out-of-bounds write vulnerability linked to the DCERPC protocol's implementation. This vulnerability enables attackers with network access to the vCenter Server to execute arbitrary code remotely.

Grigory Dorodnov from Trend Micro’s Zero Day Initiative discovered this issue. Due to its severity, VMware issued patches in October, even for product versions that had already reached their end-of-life (EoL) status.

VMware has since updated its initial security advisory, confirming that CVE-2023-34048 has been exploited in the wild.

As of this writing, specific details about the attacks exploiting the vCenter Server vulnerability are not available.

While there seems to be no public Proof of Concept (PoC) exploit, technical information about the vulnerability has been accessible since early December.

Data from the Shadowserver Foundation indicates that several hundred instances of VMware vCenter Server, potentially vulnerable and exposed to the internet, are currently in operation.

Posted : 19/01/2024 10:02 am