VMware Addresses Critical Security Flaw in vCenter Server

In recent cybersecurity developments, VMware, a global leader in cloud infrastructure and digital workspace technology, has taken swift action to rectify a critical vulnerability found in its vCenter Server. This flaw, if exploited, had the potential to allow unauthorized code execution, thus posing a significant risk to the security of systems running vCenter Server.

This critical vulnerability, labeled as CVE-2023-34048, was brought to light by Grigory Dorodnov from Trend Micro’s Zero Day Initiative. The flaw emerges from an out-of-bounds write issue in the DCE/RPC protocol, a component of vCenter. What makes this vulnerability even more concerning is the ability of unauthorized attackers to exploit it remotely. These attacks are of low complexity and do not necessitate any form of user engagement. VMware has clarified that, as of now, there is no indication of this bug being exploited in real-world attacks.

Addressing this pressing issue, VMware has released security patches which can be installed using the regular vCenter Server update channels. Recognizing the severity of this flaw, the company has gone a step further by releasing patches for several end-of-life products, despite these products not being actively supported anymore.

VMware stated, “Given the gravity of this vulnerability, and in the absence of any alternate solution, VMware has proactively released patches for versions such as vCenter Server 6.7U3, 6.5U3, and VCF 3.x. Additionally, updates for vCenter Server 8.0U1 have been rolled out, along with asynchronous patches for VCF versions 5.x and 4.x.”

Immediate Action Recommended

As there is no direct workaround for this vulnerability, VMware is stressing the importance of stringent control over network perimeter access related to vSphere management components. This includes not just the primary management interface but also storage and associated network components. The ports that are potentially vulnerable and might be exploited are 2012/tcp, 2014/tcp, and 2020/tcp.

Furthermore, VMware has rectified another vulnerability, CVE-2023-34056, which had a severity score of 4.3 out of 10. This flaw could have allowed non-admin users to gain access to confidential data on vCenter servers.

In their advisory, VMware emphasized, “Given the urgency of the situation, immediate action is advised. However, it’s essential to understand the context and consult with your organization’s cybersecurity team to make an informed decision.”

It’s worth noting that this isn’t the first time VMware has had to address security concerns. Earlier in June, the company rectified various vCenter Server vulnerabilities that posed risks related to code execution and authentication bypass.

Additionally, VMware addressed an ESXi zero-day vulnerability that was reportedly exploited by state-sponsored hackers for data theft. They also issued a warning about a grave flaw in the Aria Operations for Networks analytics tool, which was subsequently patched.

Response Matrix

ProductVersionRunning OnCVE IdentifierCVSSv3SeverityFixed VersionWorkaroundsAdditional Documentation
VMware vCenter Server8.0AnyCVE-2023-34048, CVE-2023-340569.8, 4.3Critical 8.0U2NoneFAQ
VMware vCenter Server8.0AnyCVE-2023-340489.8Critical 8.0U1dNoneFAQ
VMware vCenter Server7.0AnyCVE-2023-34048, CVE-2023-340569.8, 4.3Critical 7.0U3oNoneFAQ
VMware Cloud Foundation (VMware vCenter Server)5.x, 4.xAnyCVE-2023-34048, CVE-2023-340569.8, 4.3Critical KB88287NoneFAQ

Fixed Version(s) and Release Notes:

VMware vCenter Server 8.0U2
Downloads and Documentation:
https://customerconnect.vmware.com/downloads/details?downloadGroup=VC80U2&productId=1345&rPId=110105

VMware vCenter Server 8.0U1d
Downloads and Documentation:
https://customerconnect.vmware.com/downloads/details?downloadGroup=VC80U1D&productId=1345&rPId=112378

VMware vCenter Server 7.0U3o
Downloads and Documentation:
https://customerconnect.vmware.com/downloads/details?downloadGroup=VC70U3O&productId=974&rPId=110262

Cloud Foundation 5.x/4.x
https://kb.vmware.com/s/article/88287

Mitre CVE Dictionary Links
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-34048
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-34056


FIRST CVSSv3 Calculator
CVE-2023-34048: https://www.first.org/cvss/calculator/3.1#CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
CVE-2023-34056: https://www.first.org/cvss/calculator/3.1#CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N

🔥Subscribe to the channel: https://bit.ly/3vY16CT🔥

🚨Read my blog: https://angrysysops.com/

👊Twitter: https://twitter.com/AngrySysOps
👊Facebook: https://www.facebook.com/AngrySysOps
👊My Podcast: https://bit.ly/39fFnxm
👊Mastodon: https://techhub.social/@AngryAdmin

Please leave the comment