CVE-2023-34048

CRITICAL9.8

CISA KEVPublic PoCHigh EPSS

Description

vCenter Server contains an out-of-bounds write vulnerability in the implementation of the DCERPC protocol. A malicious actor with network access to vCenter Server may trigger an out-of-bounds write potentially leading to remote code execution.

CVSS breakdown

CVSS 3.1

Attack Vector

Network

Attack Complexity

Low

Privileges Required

None

User Interaction

None

Scope

Unchanged

Confidentiality

High

Integrity

High

Availability

High

Affected products

VMware / VMware Cloud Foundation (VMware vCenter Server)5.x – 5.x
VMware / VMware Cloud Foundation (VMware vCenter Server)4.x – 4.x
VMware / VMware vCenter Server8.0 – 8.0U2
VMware / VMware vCenter Server7.0 – 7.0U3o

Exploits & PoCs

nucleiVMware vCenter Server - Out-of-Bounds Writeby ritikchaddha

References

VENDOR_ADVISORYhttps://www.vmware.com/security/advisories/VMSA-2023-0023.html