CVE-2023-34048: VMware vCenter Server Out-of-Bounds Write Vulnerability

CVE ID

CVE-2023-34048

Vulnerability Name

VMware vCenter Server Out-of-Bounds Write Vulnerability

• Project: VMware
• Product: vCenter Server

Date

• Date Added: 2024-01-22
• Due Date: 2024-02-12

Description

VMware vCenter Server contains an out-of-bounds write vulnerability in the implementation of the DCERPC protocol that allows an attacker to conduct remote code execution.

Known To Be Used in Ransomware Campaigns?

Unknown

Action

Apply mitigations per vendor instructions or discontinue use of the product if mitigations are unavailable.

Additional Notes

https://www.vmware.com/security/advisories/VMSA-2023-0023.html; https://nvd.nist.gov/vuln/detail/CVE-2023-34048

Related Security News

• Broadcom fixes high-severity VMware NSX bugs reported by NSA
• Broadcom warns of authentication bypass in VMware Windows Tools
• Broadcom fixes three VMware zero-days exploited in attacks
• VMware fixes bad patch for critical vCenter Server RCE flaw
• Critical VMware vCenter Server bugs fixed (CVE-2024-38812)
• Broadcom fixes critical RCE bug in VMware vCenter Server

More CVEs Info

Common Vulnerabilities & Exposures (CVE) List