VMware Confirms CVE-2023-34048 RCE Flaw in vCenter Exploited in the Wild
On October 25, 2023, VMware issued critical security updates to address a severe vulnerability in its vCenter Server, which had the potential to enable remote code execution (RCE) attacks on susceptible servers.
vCenter Server stands as the central management hub within VMware’s vSphere suite, playing an instrumental role in enabling administrators to oversee and control virtualized infrastructure. The vulnerability, identified as CVE-2023-34048 (CVSS 9.8), was brought to light by Grigory Dorodnov from Trend Micro’s Zero Day Initiative. It stems from an out-of-bounds write weakness in the implementation of the Distributed Computing Environment / Remote Procedure Call (DCE/RPC) protocol by vCenter.
This flaw poses a significant security risk, as it allows unauthenticated attackers to remotely exploit it in low-complexity attacks that do not necessitate user interaction. This makes it alarmingly accessible to potential cyber criminals and increases the urgency for effective countermeasures.
Understanding the gravity of this situation, VMware has swiftly released security patches through the standard vCenter Server update mechanisms. Remarkably, due to the critical nature of this bug, VMware has also issued patches for several end-of-life products that are no longer under active support.
In a notable deviation from its standard policy, VMware has made patches generally available for older versions of its software, including vCenter Server 6.7U3, 6.5U3, and VCF 3.x, citing the critical severity of the vulnerability and the absence of any viable workaround. Additionally, VMware has released patches for vCenter Server 8.0U1 and has provided asynchronous patches for VCF 5.x and 4.x deployments.
As of January 17, 2024, VMware has reported evidence that the CVE-2023-34048 RCE bug is currently being exploited in attacks. This ongoing threat accentuates the importance of immediate action by organizations using VMware’s vCenter Server to ensure they are safeguarded against potential intrusions.
For businesses and organizations relying on VMware’s virtualized infrastructure, updating to the latest security patches is not just a recommendation – it is an imperative step in fortifying their defenses against a landscape of ever-evolving cyber threats.
