VMware has released security updates to address critical vulnerabilities (CVE-2023-34048 and CVE-2023-34056) in VMware vCenter Server and VMware Cloud Foundation.
Based on the official advisory, “A malicious actor with network access to vCenter Server may trigger an out-of-bounds write potentially leading to remote code execution”.
A. Nature of Vulnerabilities
- vCenter Server contains an out-of-bounds write vulnerability in the implementation of the DCERPC protocol
- vCenter Server contains a partial information disclosure vulnerability.
B. Actions to be Taken
CERT-PH recommends the following actions be taken:
- Kindly review the official advisory VMSA-2023-0023 and apply the necessary updates to mitigate future threats.
- For additional information, kindly refer to the official report