VMware vCenter Server Flaw Let Attacker Execute Remote Code

by Esmeralda McKenzie
VMware vCenter Server Flaw Let Attacker Execute Remote Code

VMware vCenter Server Flaw Let Attacker Execute Remote Code

VMware vCenter Server Flaw Let Attacker Operate Some distance away Code

VMware has been discovered with two vulnerabilities, CVE-2023-34048 and CVE-2023-34056, which were related with Out-of-Bounds Write and Partial Info Disclosure. The severity of these vulnerabilities became as soon as 9.8 (Valuable) and 4.3 (Medium).

Each and each of these vulnerabilities existed on the VMware vCenter Server, a Server Administration Diagram for managing virtual machines, ESXi hosts, and all rather about a parts from a centralized build.

VMware has mounted these vulnerabilities and has launched a security advisory addressing these vulnerabilities.

CVE-2023-34048: VMware Out-of-Bounds Write Vulnerability

This vulnerability will most certainly be exploited by an attacker with community entry to the vCenter Server, which might per chance moreover lead to out-of-bounds write vulnerability, potentially main to a ways away code execution. The severity of this vulnerability has been given as 9.8 (Valuable).

This vulnerability has no workarounds, primarily based mostly on VMware’s safety advisory.

CVE-2023-34056: VMware Info Disclosure Vulnerability

A threat actor can exploit this vulnerability with non-admin privileges to entry unauthorized recordsdata. The severity for this vulnerability has been given as 4.3 (Medium).

Affected Products

Product Version Running On CVE Identifier CVSSv3 Severity Fastened Version Workarounds Additional Documentation
VMware vCenter Server 8 Any CVE-2023-34048, CVE-2023-34056 9.8, 4.3 Valuable 8.0U2 None FAQ
VMware vCenter Server 8 Any CVE-2023-34048 9.8 Valuable 8.0U1d None FAQ
VMware vCenter Server 7 Any CVE-2023-34048, CVE-2023-34056 9.8, 4.3 Valuable 7.0U3o None FAQ
VMware Cloud Foundation (VMware vCenter Server) 5.x, 4.x Any CVE-2023-34048, CVE-2023-34056 9.8, 4.3 Valuable KB88287 None FAQ

Users of these products are suggested to upgrade to essentially the most contemporary versions to forestall these vulnerabilities from getting exploited.

Source credit : cybersecuritynews.com

Related Posts