Executive summary

VMware have released a security advisory addressing a vulnerability which could allow an attacker to perform to perform remote code execution via VMware vCenter Server. Patches have been released, even for previously end-of-life versions of VMware vCenter Server due to the severity of the vulnerability. VMware have also addressed a vulnerability in which information can be partially disclosed.

What’s the risk to me or my business?

Organisations with a vulnerable server are leaving themselves at risk of allowing an attacker to perform remote code execution, impacting the confidentiality, integrity and availability of data.

The following versions are vulnerable, with patches detailed in VMware’s response matrix: 8.0, 7.0, 5.x, 4.x. Additionally, VMware have noted that whilst VMware does not mention end-of-life products in VMware Security Advisories, due to the critical severity of this vulnerability and lack of workaround VMware has made a patch generally available for vCenter Server 6.7U3, 6.5U3, and VCF 3.x. For the same reasons, VMware has made additional patches available for vCenter Server 8.0U1.

What can I do?

Black Arrow recommends applying the patches for the critical vulnerability immediately due to the severity of the vulnerability; there is no workaround available. Fixes for the other vulnerability are addressed in the patches for the critical vulnerability. Further information can be found in the security advisory by VMware.

Technical Summary

CVE-2023-34048- A critical out-of-bounds write vulnerability which can lead to remote code execution.

CVE-2023-34056- a vulnerability which can allow threat actors without administrator privileges to access sensitive data.

Need help understanding your gaps, or just want some advice? Get in touch with us.

Further information can be found here: https://www.vmware.com/security/advisories/VMSA-2023-0023.html

#threatadvisory #threatintelligence #cybersecurity