CVE-2023-34048: Critical VMware vCenter Server Flaw Allows Remote Code Execution

In the rapidly evolving world of technology, ensuring the security of digital assets remains paramount. VMware, a giant in the realm of virtualization, is no stranger to these challenges. The company’s vCenter Server, a centralized management platform for VMware vSphere environments, is renowned for streamlining the management of ESXi hosts, virtual machines, and other vSphere components. Boasting advanced features such as vMotion, svMotion, and High Availability (HA), the vCenter Server significantly augments the performance, availability, and scalability of virtualized architectures.

Yet, regardless of its prowess, no system is immune to vulnerabilities. Recently, two significant security flaws were unveiled in the VMware vCenter Server.

1. Out-of-Bounds Write Vulnerability (CVE-2023-34048)

Severity: Critical (CVSS score of 9.8)

An out-of-bounds write vulnerability has been discovered in the vCenter Server, specifically in its implementation of the DCERPC protocol. A malicious actor with network access to the vCenter Server could trigger an out-of-bounds write, potentially leading to remote code execution.

Affected Versions:

  • VMware vCenter Server versions 8.0 and 7.0
  • VMware Cloud Foundation (VMware vCenter Server) versions 5.x and 4.x

Patched Versions:

  • VMware vCenter Server versions 8.0U2, 8.0U1d, and 7.0U3o
  • VMware Cloud Foundation (VMware vCenter Server) with the KB88287 patch applied

Recognizing the critical nature of this vulnerability, VMware has taken the unusual step of offering patches for end-of-life products not typically mentioned in its security advisories. These include patches for vCenter Server versions such as 6.7U3, 6.5U3, and VCF 3.x. Furthermore, additional patches for vCenter Server 8.0U1 and asynchronous patches for VCF 5.x and 4.x deployments are now available.

2. Partial Information Disclosure Vulnerability (CVE-2023-34056)

Severity: Moderate (CVSS score of 4.3)

The second issue is a partial information disclosure flaw in the vCenter Server. It is less severe than the first, but still significant: a malicious actor with non-administrative privileges to the vCenter Server could potentially exploit this flaw to gain unauthorized access to data.

Affected Versions:

  • VMware vCenter Server versions 8.0 and 7.0
  • VMware Cloud Foundation (VMware vCenter Server) versions 5.x and 4.x

Patched Versions:

  • VMware vCenter Server versions 8.0U2, 8.0U1d, and 7.0U3o
  • VMware Cloud Foundation (VMware vCenter Server) with the KB88287 patch applied

CVE-2023-34048 (critical) and CVE-2023-34056 (moderate) are two vulnerabilities that were recently discovered in VMware vCenter Server. The first could allow attackers to take over a vCenter Server instance; the second could allow access to unauthorized data.

It is strongly recommended that you apply the patches that VMware has released for these vulnerabilities as soon as possible. You can also take other steps to help protect your vCenter Server environment from these and other vulnerabilities, such as keeping your software up to date, implementing strong password policies, and restricting network access to vCenter Server.
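
To triage an inventory against the patched versions listed above, the following added example (not VMware's tooling) classifies release labels written the way this article writes them, such as 8.0U1c or 7.0U3o. The host names and inventory are constructed, and it assumes that patch letters increase alphabetically within an update and that updates newer than the newest listed fix include it.

```python
import re

# Fixed releases listed in this article: per release line, (update, min patch letter).
FIXED = {"8.0": [(1, "d"), (2, "")], "7.0": [(3, "o")]}
# Lines the article says received patches without naming the fixed release.
EOL_WITH_PATCH = {"6.7", "6.5"}
LABEL_RE = re.compile(r"^(\d+\.\d+)(?:\s*U(\d+)([a-z]?))?$", re.IGNORECASE)


def parse_label(label):
    """Split '8.0U1c' into ('8.0', 1, 'c'); a bare '8.0' is update 0."""
    m = LABEL_RE.match(label.strip())
    if not m:
        raise ValueError(f"unrecognised release label: {label!r}")
    line, update, letter = m.groups()
    return line, int(update or 0), (letter or "").lower()


def triage(label):
    """Return 'patched', 'vulnerable', 'check-advisory' or 'unknown'."""
    try:
        line, update, letter = parse_label(label)
    except ValueError:
        return "unknown"
    if line in EOL_WITH_PATCH:
        return "check-advisory"  # patch exists, fixed label not given here
    if line not in FIXED:
        return "unknown"
    for fixed_update, fixed_letter in FIXED[line]:
        # Same update branch: compare the patch letter ('' sorts before 'a').
        if update == fixed_update and letter >= fixed_letter:
            return "patched"
    # Assumption: updates newer than the newest fixed one carry the fix.
    if update > max(u for u, _ in FIXED[line]):
        return "patched"
    return "vulnerable"


# Constructed inventory for illustration (hypothetical host names).
INVENTORY = {"vc-prod-01": "8.0U1c", "vc-prod-02": "8.0U2",
             "vc-lab-01": "7.0U3n", "vc-lab-02": "7.0U3o",
             "vc-old-01": "6.7U3"}


def report(inventory):
    """Map each host to its triage status."""
    return {host: triage(label) for host, label in inventory.items()}


if __name__ == "__main__":
    for host, status in sorted(report(INVENTORY).items()):
        print(f"{host:12} {INVENTORY[host]:8} {status}")
```

Hosts reported as check-advisory or unknown need to be compared against VMware's advisory directly, since this article does not name the fixed release for those lines.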