Lucene search
K

VMware vCenter Server - Out-of-Bounds Write

🗓️ 25 Jun 2026 01:31:50Reported by ProjectDiscoveryType 
nuclei
 nuclei
🔗 github.com👁 17 Views

VMware vCenter Server suffers out-of-bounds write enabling remote code execution (CVE-2023-34048).

Related
Refs
Code
id: CVE-2023-34048

info:
  name: VMware vCenter Server - Out-of-Bounds Write
  author: ritikchaddha
  severity: critical
  description: |
    vCenter Server contains an out-of-bounds write caused by a vulnerability in the DCERPC protocol implementation. A malicious actor with network access can trigger remote code execution on vCenter Server.
  impact: |
    Unauthenticated attackers with network access can exploit the out-of-bounds write vulnerability in the DCERPC protocol to execute arbitrary code on vCenter Server, potentially compromising the entire VMware virtualization infrastructure.
  remediation: |
    Apply VMware security patches from VMSA-2023-0023 for vCenter Server versions 4.0-5.5 and 7.0-8.0 that fix the DCERPC protocol vulnerability.
  reference:
    - https://www.vicarius.io/vsociety/posts/understanding-cve-2023-34048-a-zero-day-out-of-bound-write-in-vcenter-server
    - https://www.vmware.com/security/advisories/VMSA-2023-0023.html
    - https://nvd.nist.gov/vuln/detail/CVE-2023-34048
  classification:
    cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
    cvss-score: 9.8
    cve-id: CVE-2023-34048
    epss-score: 0.99428
    epss-percentile: 0.99936
    cwe-id: CWE-787
  metadata:
    verified: true
    max-request: 2
    vendor: vmware
    product: vcenter_server
    shodan-query: title:"VMware VCenter"
    fofa-query: title="VMware VCenter"
  tags: cve,cve2023,vmware,vcenter,rce,kev,vkev,passive

http:
  - raw:
      - |
        GET /en/welcomeRes.js HTTP/1.1
        Host: {{Hostname}}

      - |
        POST /sdk/ HTTP/1.1
        Host: {{Hostname}}

        <?xml version="1.0" encoding="UTF-8"?>
        <soap:Envelope xmlns:soap="http://schemas.xmlsoap.org/soap/envelope/" xmlns:xsd="http://www.w3.org/2001/XMLSchema" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance">
           <soap:Header>
              <operationID>00000001-00000001</operationID>
           </soap:Header>
           <soap:Body>
              <RetrieveServiceContent xmlns="urn:internalvim25">
                 <_this xsi:type="ManagedObjectReference" type="ServiceInstance">ServiceInstance</_this>
              </RetrieveServiceContent>
           </soap:Body>
        </soap:Envelope>


    stop-at-first-match: true

    matchers-condition: and
    matchers:
      - type: word
        part: body
        words:
          - "VMware vCenter"
          - "VirtualCenter"
        case-insensitive: true

      - type: status
        status:
          - 200

      - type: dsl
        dsl:
          - compare_versions(version, '>= 4.0', '<= 5.5')
          - compare_versions(version, '>= 7.0', '<= 8.0')

    extractors:
      - type: regex
        name: version
        part: body
        group: 1
        regex:
          - 'vCenter Converter Standalone ([0-9.]+)'
          - "<version>(.*?)</version>"
# digest: 4a0a00473045022029b20736a815b366876c78d66309c39f2beff558dfbbdd0c1e32f05a3623cc72022100fd23bca6dfc9f22c9c7ed55c7bd92652c2be9e7731368e16d5b718d2977e75c4:922c64590222798bb761d5b6d8e72950

Data

Build on a solid foundation with Vulners data

We provide the essential building blocks for cybersecurity solutions with comprehensive, structured, and constantly updated vulnerability and exploits data

Api

Power your application with Vulners API

The Vulners REST API offers reliable, high-performance access to vulnerability intelligence, with 99.9% SLA uptime and CDN-backed data delivery for seamless global access

App

Assess and manage vulnerabilities with Vulners tools

Built on top of Vulners' database and SDK, end-user solutions give security professionals and developers lightweight and powerful tools for vulnerability remediation

04 Feb 2026 07:00Current
8.1High risk
Vulners AI Score8.1
CVSS 3.19.8
EPSS0.99428
SSVC
17