VMware has released security updates to address critical vulnerabilities (CVE-2023-34048 and CVE-2023-34056) in VMware vCenter Server and VMware Cloud Foundation.
Based on the official advisory, “A malicious actor with network access to vCenter Server may trigger an out-of-bounds write potentially leading to remote code execution”.
_____________________________
A. Nature of Vulnerabilities
CVE-2023-34048
- vCenter Server contains an out-of-bounds write vulnerability in the implementation of the DCERPC protocol.
CVE-2023-34056
- vCenter Server contains a partial information disclosure vulnerability.
_____________________________
B. Actions to be Taken
CERT-PH recommends the following actions be taken:
- Kindly review the official advisory VMSA-2023-0023 and apply the necessary updates to mitigate future threats.
- For additional information, kindly refer to the official reports:
  - https://www.vmware.com/security/advisories/VMSA-2023-0023.html
  - https://nvd.nist.gov/vuln/detail/CVE-2023-34048
  - https://nvd.nist.gov/vuln/detail/CVE-2023-34056