VMware has published a security advisory regarding a critical out-of-bounds write vulnerability (CVE-2023-34048) that has been fixed in the latest updates by VMware. The vulnerability shared in this Cybersecurity Threat Advisory has received a critical severity rating by VMware. It could potentially allow a remote, unauthenticated threat actor to achieve remote code execution if successfully exploited.
What is the threat?
CVE-2023-34048 resides in the implementation of the DCE/RPC protocol (a protocol for remote procedure calls). It permits an attacker with network access to a vulnerable vCenter Server virtual appliance to trigger an out-of-bounds write, potentially leading to remote code execution.
Why is it noteworthy?
This is a critical remote code execution vulnerability affecting its vCenter Server and VMware Cloud Foundation products. This vulnerability, assigned the identifier CVE-2023-34048, poses a severe risk, as it provides a malicious actor with network access the ability to launch remote code execution attacks.
In a critical-severity advisory, VMware has characterized this issue as an “out-of-bounds write” problem within its implementation of the DCE/RPC protocol. This vulnerability has been assessed with a high CVSS severity score of 9.8 out of 10, indicating the critical nature of the risk it poses.
VMware has released security patches, not only for current products but also for older, end-of-life versions such as vCenter Server 6.7U3, 6.5U3, VCF 3.x, and vCenter Server 8.0U1. Moreover, asynchronous vCenter Server patches for VCF 5.x and 4.x are also available to address this pressing security concern.
What is the exposure or risk?
The vulnerability is critical and poses a severe risk, with a CVSS severity score of 9.8 out of 10. An unauthenticated, malicious actor can inject files into the operating system of an impacted appliance. This can lead to remote code execution, meaning an attacker can potentially take control of the affected system, resulting in various malicious activities and security breaches.
What are the recommendations?
Barracuda MSP highly recommends implementing a layered security approach to prevent and protect.
- To remediate CVE-2023-34048 apply the updates listed in the ‘Fixed Version’ column of the ‘Response Matrix’ below to affected deployments.
- The following specific network ports are involved with CVE-2023-34048. VMware recommends implementing strict network perimeter access control as part of your mitigation steps:
- 2012/tcp
- 2014/tcp
- 2020/tc
References
- https://www.securityweek.com/vmware-vcenter-flaw-so-critical-patches-released-for-end-of-life-products/
- https://www.bleepingcomputer.com/news/security/vmware-fixes-critical-code-execution-flaw-in-vcenter-server/
If you have any questions about this Cybersecurity Threat Advisory, please contact our Security Operations Center.