Summary
VMware has released security updates for its vCenter Server. The vulnerability, CVE-2023-34048, is classified as Critical with a CVSS score of 9.8. VMware defines this vulnerability as an out-of-bounds write related to the DCERPC protocol, which is used for remote procedure calls. It could allow a remote attacker to execute code on the target system without requiring any privileges or user interaction.
Impact Assessment
This vulnerability affects a critical protocol on a key component of any network infrastructure, the server. If this vulnerability is exploited, arbitrary remote code execution on the device can occur. This can result in a variety of consequences, such as the installation of malware and data exfiltration.
Affected Products
- VMware vCenter Server
- VMware Cloud Foundation
What it means for you
Any organization that uses VMware’s vCenter Server appliance can be subject to a remote code execution attack if this vulnerability is left unpatched. Currently, there is no evidence of active exploitation, but the longer a vulnerability is known, the higher the chance that an exploit will be developed. Review your asset inventory for servers and check whether your organization uses the vCenter Server appliance. Apply emergency patching procedures as directed by the vendor, and follow VMware’s documentation for patching considerations when using vCenter Server High Availability.
Remediation
There are no workarounds for this vulnerability, but there is a patch available. Refer to the VMware security advisory listed under Associated Bulletins to see the affected software. Review the FAQ, then download and apply the latest patch.
Business Implications
Exploitation of this vulnerability can cause financial, reputational, and data loss. These losses stem from denial of service, incident response, and PR efforts in the aftermath of exploitation. A server is a critical piece of infrastructure, and the controls around it, what it is connected to, and the sort of exploit the attacker decides to use once exploitation is achieved could greatly influence the impact.
Access Point Technology Recommends
- Patch – Have your network engineers update the software on the servers which use the vCenter appliance.
- Hire and train staff – This goes along with patching. Ensure that your network and vulnerability management staff are well trained and skilled with the tools they use, so that remediation is carried out properly. They can help mitigate threats before they become a problem.
- Review vendor documentation and recommendations – Typically, following vendor recommendations is the best way to remediate. If they tell you to patch or apply a workaround, it probably should be done.
Associated Bulletins
https://www.vmware.com/security/advisories/VMSA-2023-0023.html
https://thehackernews.com/2023/10/act-now-vmware-releases-patch-for.html