Skip to main content

VMware vCenter Server Multiple Vulnerabilities

Last Update Date: 22 Jan 2024 Release Date: 26 Oct 2023 6112 Views

RISK: High Risk

TYPE: Servers - Network Management

TYPE: Network Management

Multiple vulnerabilities were identified in VMware vCenter Server. A remote attacker could exploit some of these vulnerabilities to trigger sensitive information disclosure and remote code execution on the targeted system.

 

Note:

For CVE-2023-34048, a malicious actor with network access to vCenter Server may use this vulnerability to trigger an out-of-bounds write potentially leading to remote code execution. The CVE-2023-34048 vulnerability is being exploited in the wild.

 

[Updated on 2024-01-22] 

The CVE-2023-34048 vulnerability is being exploited in the wild. Hence, the risk level is rated from Medium Risk to High Risk.


Impact

  • Information Disclosure
  • Remote Code Execution

System / Technologies affected

  • VMware vCenter Server 7.0 and 8.0
  • VMware Cloud Foundation 4.x and 5.x

Solutions

Before installation of the software, please visit the software manufacturer web-site for more details.


Vulnerability Identifier


Source


Related Link