A critical vulnerability affecting VMware vCenter Server products has been reported that could result in remote code execution (RCE) on affected systems.
The issue, identified as CVE-2023-34048 with a score of 9.8, has been described as an out-of-bounds write vulnerability in the implementation of the DCE/RPC protocol. “A malicious actor with access to the vCenter Server network can trigger an out-of-bounds write that could lead to remote code execution,” VMware said in a published advisory.
In addition, vCenter Server contains a partial information disclosure vulnerability, identified as CVE-2023-34056. VMware has assessed the severity of this issue to be in the moderate severity range, with a score of 4.3.
Several vulnerabilities have also been reported in VMware Aria Operations for Logs. Fortunately, updates are already available to remediate these vulnerabilities.
VMware Aria Operations for Logs contains two vulnerabilities: CVE-2023-34051, an authentication bypass, and CVE-2023-34052, a deserialization vulnerability. VMware has assessed the severity of both to be in the major severity range, with a score of 8.1 each.