VMware has released security updates to address critical vulnerabilities (CVE-2023-34048 and CVE-2023-34056) in VMware vCenter Server and VMware Cloud Foundation.

Based on the official advisory, “A malicious actor with network access to vCenter Server may trigger an out-of-bounds write potentially leading to remote code execution”.

_____________________________

A. Nature of Vulnerabilities

CVE-2023-34048

  • vCenter Server contains an out-of-bounds write vulnerability in the implementation of the DCERPC protocol

CVE-2023-34056

  • vCenter Server contains a partial information disclosure vulnerability.

_____________________________

B. Actions to be Taken

CERT-PH recommends the following actions be taken:

  • Kindly review the official advisory VMSA-2023-0023 and apply the necessary updates to mitigate future threats.
  • For additional information, kindly refer to the official report
    • https://www.vmware.com/security/advisories/VMSA-2023-0023.html
    • https://nvd.nist.gov/vuln/detail/CVE-2023-34048
    • https://nvd.nist.gov/vuln/detail/CVE-2023-34056