VMware issued safety updates to repair a crucial vCenter Server vulnerability that may be exploited to realize distant code execution assaults on susceptible servers.
vCenter Server is the central administration hub for VMware’s vSphere suite, and it helps directors handle and monitor virtualized infrastructure.
The vulnerability (CVE-2023-34048) was reported by Grigory Dorodnov of Development Micro’s Zero Day Initiative and is because of an out-of-bounds write weak spot in vCenter’s DCE/RPC protocol implementation.
Unauthenticated attackers can exploit it remotely in low-complexity assaults that do not require consumer interplay. The corporate says it has no proof that the CVE-2023-34048 RCE bug is at present utilized in assaults.
Safety patches addressing this challenge are actually accessible by means of the usual vCenter Server replace mechanisms. Because of the crucial nature of this bug, VMware has additionally issued patches for a number of end-of-life merchandise which are not underneath lively help.
“Whereas VMware doesn’t point out end-of-life merchandise in VMware Safety Advisories, because of the crucial severity of this vulnerability and lack of workaround VMware has made a patch usually out there for vCenter Server 6.7U3, 6.5U3, and VCF 3.x,” the corporate mentioned.
“For a similar causes, VMware has made extra patches out there for vCenter Server 8.0U1. Async vCenter Server patches for VCF 5.x and 4.x deployments have been made out there.”
No workaround out there
As a result of a workaround is unavailable, VMware urges admins to strictly management community perimeter entry to vSphere administration parts and interfaces, together with storage and community parts.
The precise community ports linked to potential exploitation in assaults focusing on this vulnerability are 2012/tcp, 2014/tcp, and 2020/tcp.
The corporate additionally patched a partial info disclosure vulnerability with a 4.3/10 severity CVSS base rating tracked as CVE-2023-34056 that could be leveraged by risk actors with non-administrative privileges to vCenter servers to entry delicate knowledge.
“This is able to be thought of an emergency change, and your group ought to contemplate performing shortly,” VMware mentioned in a separate FAQ doc.
“Nonetheless, all safety response depends upon context. Please seek the advice of together with your group’s info safety employees to find out the appropriate plan of action on your group.”
In June, VMware patched a number of high-severity vCenter Server safety flaws, mitigating code execution and authentication bypass dangers.
The identical week, VMware fastened an ESXi zero-day exploited by Chinese language state hackers in knowledge theft assaults and alerted clients to an actively exploited crucial flaw within the Aria Operations for Networks analytics device, which has since been patched.
