Critical Vulnerabilities in VMware vCenter Server and VMware Cloud Foundation

VMware has released security updates to address critical vulnerabilities (CVE-2023-34048 and CVE-2023-34056) in VMware vCenter Server and VMware Cloud Foundation.

Based on the official advisory, “A malicious actor with network access to vCenter Server may trigger an out-of-bounds write potentially leading to remote code execution”.

_____________________________

A. Nature of Vulnerabilities

CVE-2023-34048

vCenter Server contains an out-of-bounds write vulnerability in the implementation of the DCERPC protocol

CVE-2023-34056

vCenter Server contains a partial information disclosure vulnerability.

_____________________________

B. Actions to be Taken

CERT-PH recommends the following actions be taken:

Kindly review the official advisory VMSA-2023-0023 and apply the necessary updates to mitigate future threats.
For additional information, kindly refer to the official report
- https://www.vmware.com/security/advisories/VMSA-2023-0023.html
- https://nvd.nist.gov/vuln/detail/CVE-2023-34048
- https://nvd.nist.gov/vuln/detail/CVE-2023-34056