AttackerKB AKB:1FD653CA-2AD2-4B6E-B8AC-6AA757FE6B9B
History: Oct 25, 2023 - 12:00 a.m.

CVE-2023-34048

2023-10-25 00:00:00
attackerkb.com
vcenter server
dcerpc protocol
out-of-bounds write
remote code execution
network access
vmware security advisory
patch
memory corruption
ransomware

CVSS3: 9.8 High
Attack Vector: NETWORK
Attack Complexity: LOW
Privileges Required: NONE
User Interaction: NONE
Scope: UNCHANGED
Confidentiality Impact: HIGH
Integrity Impact: HIGH
Availability Impact: HIGH
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

AI Score: 8.2 High
Confidence: Low

CVSS2: 7.5 High
Access Vector: NETWORK
Access Complexity: LOW
Authentication: NONE
Confidentiality Impact: PARTIAL
Integrity Impact: PARTIAL
Availability Impact: PARTIAL
AV:N/AC:L/Au:N/C:P/I:P/A:P

EPSS: 0.017 Low
Percentile: 86.5%

vCenter Server contains an out-of-bounds write vulnerability in the implementation of the DCERPC protocol. A malicious actor with network access to vCenter Server may trigger an out-of-bounds write potentially leading to remote code execution.

Recent assessments:

ccondon-r7 at January 19, 2024 10:39am UTC reported:

Critical out-of-bounds write vuln in vCenter Server and Cloud Foundation. While we haven’t looked at this in-depth, VMware’s advisory indicates that it’s been exploited in the wild (edit: not 0day, the advisory is from October 2023, derp), and they took the unusual step of patching several end-of-life versions of vCenter Server:

> While VMware does not mention end-of-life products in VMware Security Advisories, due to the critical severity of this vulnerability and lack of workaround VMware has made a patch generally available for vCenter Server 6.7U3, 6.5U3, and VCF 3.x. For the same reasons, VMware has made additional patches available for vCenter Server 8.0U1.

The vuln requires network access to exploit, for whatever that’s worth at this point in threat-land. Typical skepticism on ease/reliability of exploitation applies given that this is a memory corruption vuln, but with that said, vCenter is a high-value target for skilled and motivated threat actors, including ransomware groups. vCenter Server customers should heed the FAQ advice and patch on an emergency basis.

Assessed Attacker Value: 5
Assessed Attacker Value: 0
