Security news that informs and inspires

VMware Fixes Critical-Severity vCenter Server Bug


VMware has released patches for a critical-severity vulnerability in its centralized management utility, vCenter Server, which could enable remote code execution attacks.

vCenter Server helps users manage virtual machines, ESXi hosts, and other components from a centralized location. The flaw (CVE-2023-34048) is an out-of-bounds write issue that specifically stems from the implementation of DCE/RPC, the protocol for remote procedure calls.

“A malicious actor with network access to vCenter Server may trigger an out-of-bounds write potentially leading to remote code execution,” according to VMware’s advisory on Wednesday.

VMware has not seen evidence of exploitation of the flaw, which has a CVSS v3 score of 9.8 out of 10. However, VMware said that because the flaw impacts vCenter Server “the scope is large.”

VMware released patches on Wednesday for versions 7 and 8 of vCenter Server along with asynchronous fix for VMware Cloud Foundation 4.x, and 5.x. Additionally, “while VMware does not mention end-of-life products in VMware Security Advisories, due to the critical severity of this vulnerability and lack of workaround VMware has made a patch generally available for vCenter Server 6.7U3, 6.5U3, and VCF 3.x,” said VMware. “For the same reasons, VMware has made additional patches available for vCenter Server 8.0U1.”

VMware in its Wednesday advisory also issued fixes for a partial information disclosure flaw in vCenter Server, which has a lower CVSS score of 4.3 out of 10. According to VMware, a threat actor with non-administrative privileges for vCenter Server could leverage the flaw “to access unauthorized data.”

The company earlier this week also said that exploit code for a previously disclosed and patched flaw in its Aria Operations for Logs has been published. The flaw (CVE-2023-34051) is an authentication bypass bug, which can enable an unauthenticated, malicious actor to inject files into the operating system of an impacted appliance, potentially resulting in remote code execution. VMware customers are urged to apply patches for the flaw.