VMware has taken swift action to address a critical vulnerability in the vCenter Server that could potentially lead to remote code execution on vulnerable systems. The discovery of this flaw was made by VMware itself, and the company has promptly responded by issuing crucial security updates.
An out-of-bounds write vulnerability in the implementation of the DCE/RPC protocol has been identified as the issue, which has been assigned the tracking number CVE-2023-34048 and received a CVSS score of 9.8.
[FREE E-BOOK] The Definite Blueprint for Cybersecurity in Manufacturing
An alert provided by VMware today states, “A malicious actor with network access to vCenter Server may trigger an out-of-bounds write potentially leading to remote code execution,” This information is sourced directly from the company’s statement.
Grigory Dorodnov of the Trend Micro Zero Day Initiative is the one who is credited with discovering and disclosing the vulnerability.
According to VMware, there are no effective workarounds available to mitigate the impact of this vulnerability. As a response, security upgrades have been rolled out in the following software versions:
- Version 8.0 of the VMware vCenter Server (either 8.0U1d or 8.0U2)
- Version 7.0 Update 3o for VMware vCenter Server
- This upgrade also applies to both VMware Cloud Foundation 5.x and 4.x.
Recognizing the gravity of the vulnerability and the unavailability of immediate remedies, the virtualization services provider has taken the proactive step of providing a fix for vCenter Server versions 6.7U3, 6.5U3, and VCF 3.x as well.
The most recent version fixes CVE-2023-34056 (CVSS score: 4.3), which is a vulnerability affecting the vCenter Server that could allow a malicious actor with non-administrative credentials to access unauthorized data. The vulnerability is a partial information disclosure issue.
VMware stated in a separate Frequently Asked Questions section that the company is not aware of any exploits in the wild that make use of the holes. Still, it has advised users to move rapidly to deploy the patches as soon as possible in order to protect themselves from any potential dangers.
MANAGED CYBERSECURITY SOLUTIONS
Rhyno delivers a range of activities that combine to fully protect your infrastructure and data from cybercriminals, anywhere and everywhere, 24/7/365.
About Rhyno Cybersecurity Services
Rhyno Cybersecurity is a Canadian-based company focusing on 24/7 Managed Detection and Response, Penetration Testing, Enterprise Cloud, and Cybersecurity Solutions for small and midsize businesses.
Our products and services are robust, innovative, and cost-effective. Underpinned by our 24x7x365 Security Operations Centre (SOC), our experts ensure you have access to cybersecurity expertise when you need it the most.