overview

VMware has patched a critical out-of-bounds write vulnerability, tracked as CVE-2023-34048 (CVSS score 9.8), and a moderate-severity information disclosure flaw, tracked as CVE-2023-34056, in its widely used server management software, vCenter Server. 

CVE-2023-34048 - Critical Out-of-Bounds Write 

  • A vulnerability that allowed an attacker, with network access to a vulnerable vCenter Server virtual appliance, to initiate an out-of-bounds write, potentially leading to remote code execution. There is no evidence of the vulnerability being exploited in the wild. 

CVE-2023-34056 - Moderate Information Disclosure 

  • A partial information disclosure vulnerability allow an attacker with non-administrative privileges to access unauthorized data. 

Both vulnerabilities impact related products such as vSphere and Cloud Foundation (VCF). Because there are no workarounds available, VMware recommends that users patch as soon as possible. While the vulnerabilities were made public recently, some of the security updates were issued in late September. If you are a vCenter Server administrator and you consistently apply updates, your systems may already be safeguarded from potential exploitation. 

 

 

avertium's recommendationS

  • According to VMware’s advisory, you are affected by CVE-2023-34048 and CVE-2023-34056 if you are running any version of vSphere except the latest updates for vSphere 6.5, 6.7, 7.0, or 8.0. The company has released patches for the following versions:  
    • Center Server 6.7U3 
    • vCenter Server 6.5U3 
    • vCenter Server 8.0U1 
    • VMware Cloud Foundation (VCF) 3.x 
    • Asynchronous patches for vCenter Server in VCF 5.x and 4.x deployments are also available. 
  • The company also recommends installing one of the patch versions listed in the VMware Security Advisory.  
    • Follow the VMware documentation for patching procedures and considerations when using vCenter Server High Availability (not vSphere High Availability).  
  • You may find more information and patch guidance in VMware’s advisory 

 

 

INDICATORS OF COMPROMISE (IoCs)

At this time, there are no known IoCs associated with CVE-2023-34048 and CVE-2023-34056. Avertium remains vigilant in locating IoCs for our customers. Should any be located, Avertium will disclose them as soon as possible. For more information on how Avertium can help protect your organization, please reach out to your Avertium Service Delivery Manager or Account Executive.   

 

 

How Avertium is Protecting Our CUSTOMERS

  • Fusion MXDR is the first MDR offering that fuse together all aspects of security operations into a living, breathing, threat-resistant XDR solution. By fusing insights from threat intelligence, security assessments, and vulnerability management into our MDR approach, Fusion MXDR offers a more informed, robust, and cost-effective approach to cybersecurity – one that is greater than the sum of its parts. 
  • Avertium offers Vulnerability Management (VM) to provide a deeper understanding and control over organizational information security risks.  If your enterprise is facing challenges with the scope, resources, or skills required to implement a vulnerability management program with your team, outsourced solutions can help you bridge the gap. 
  • Note: We highly value your feedback. Kindly spare a moment to complete our feedback form, allowing us to enhance our services for our valued customers. 

 

 

 

SUPPORTING DOCUMENTATION

VMSA-2023-0023 (vmware.com) 

VMSA-2023-0023: Questions & Answers | VMware 

VMware vCenter Flaw So Critical, Patches Released for End-of-Life Products - SecurityWeek 

VMware patches critical vulnerability in vCenter Server (CVE-2023-34048) - Help Net Security 
Chat With One of Our Experts



VMWare vulnerability vCenter Flash Notice VMware Blog