ADVISORY!

TLP : CLEAR

Date : 22/01/2024

REF NO : CERT / 2024/01/08

VMware vCenter Server Multiple Vulnerabilities

Severity Level: High

Components Affected

  • VMware vCenter Server 7.0 and 8.0
  • VMware Cloud Foundation 4.x and 5.x

Overview

Multiple vulnerabilities were identified in VMware vCenter Server. A remote attacker could exploit some of these vulnerabilities to trigger sensitive information disclosure and remote code execution on the targeted system.

Description

vCenter Server contains an out-of-bounds write vulnerability in the implementation of the DCERPC protocol. VMware has evaluated the severity of this issue to be in the Critical severity range with a maximum CVSSv3 base score of 9.8.

  • CVE-2023-34048
  • CVE-2023-34056

Impact

  • Information Disclosure
  • Remote Code Execution

Solution / Workarounds

Before installing the software, please visit the software manufacturer's website for more details.

Apply fixes issued by the vendor:

https://www.vmware.com/security/advisories/VMSA-2023-0023.html

Disclaimer : The information provided herein is on an “as is” basis, without warranty of any kind.

Sri Lanka Computer Emergency Readiness Team | Coordination Centre

Copyright © 2023 SRI LANKA CERT | CC