VMware has alerted the public to a critical vulnerability they discovered in their vCenter Servers and VMware Cloud products. This vulnerability, assigned the CVE-2023-34048 identifier, allows a threat actor who has gained access to the network to execute remote code (RCE). This is similar to the vulnerability discovered in Aria solutions sometime in August.
The issue stems from an out-of-bound write problem in the implementation of the DCE/RPC protocol, as stated by VMware. This virtualization technology leader has assigned a severity score of 9.8 out of 10 to this vulnerability.
Due to the high level of criticality, VMware has taken the necessary step of releasing security patches for older, end-of-life devices. These devices include vCenter Server versions 6.7U3, 6.5U3, VCF 3.x, and vCenter Server 8.0u1. Additionally, updates for Asynchronous vCenter Servers VCF 5.x and 4.x are now available.
Threat actors with non-administrative privileges can exploit this vulnerability to gain unauthorized access to data. In a separate disclosure, the company revealed security issues in its VMware Aria Operations logs. They noted that the exploit code for an authentication bypass flaw has been made publicly available on the internet. As a result, VMware strongly advises its users to promptly apply all necessary security updates.
VMware thanked Grigory Dorodnov of Trend Micro Zero day initiative for reporting the vulnerability.
Please do let us know in the comment section what are your thoughts about this.