Virtual Alarm: VMware Issues Major Security Advisory

Published: 23/11/2024   Category: security



VMware vCenter Servers need immediate patch against critical RCE bug as race against threat actors begins.



VMware urged customers to update VMware vCenter Servers against a critical flaw that could lead to remote code execution (RCE) and has been assigned a CVSS severity score of 9.8.
The vCenter Server flaw, tracked as CVE-2023-34048, could allow an attacker with network access to trigger an out-of-bounds write, the VMware advisory explained. vCenter Server contains an out-of-bounds write vulnerability in its implementation of the DCERPC protocol, the vendor added.
The vCenter Server platform is used for managing vSphere installations in hybrid cloud environments.
John Gallagher, vice president with Viakoo Labs, characterized the bug in a statement as serious as it gets, because it's both dangerous and impacts VMware vCenter Servers, which are widely used across a variety of organizations and industry sectors.
The reason for its severity score of 9.8 is how it devastates the entire CIA Triad of confidentiality, integrity, and availability, Gallagher explained. Successful exploitation of this CVE gives complete access to the environment and enables remote code execution for further exploitation.
Another sure sign of the severity is VMware taking the unusual step of offering up patches for old versions, Mayuresh Dani, security research manager at Qualys, explained in a statement.
The fact that VMware released patches for end of life (EOL) versions that are affected by this vulnerability speaks to how critical it is, since EOL software seldom gets patched, Dani added.
The advisory said patches will be issued for vCenter Server 6.7U3, 6.5U3, and VCF 3.x, as well as vCenter Server 8.0U1.
An additional flaw was reported by VMware in its VMware Cloud Foundation, but this bug, tracked as CVE-2023-34056, has been assigned a less urgent CVSS score of 4.3. The vulnerability could allow an unauthorized user to access data, the advisory explained.
Both flaws were responsibly reported by researchers, VMware added in its advisory. However, as organizations rush to patch, there will be an inevitable window of vulnerability for threat actors to take advantage of unpatched systems, Gallagher added.
Organizations using vCenter Server should ensure they have a current inventory of its usage and a plan to patch, Gallagher advised. Direct mitigation appears limited, but network access control and monitoring might catch lateral movement once a threat actor uses this flaw to gain a foothold.
