VMware is warning customers that CVE-2023-34048, a critical vCenter Server vulnerability patched in October 2023, is being exploited in the wild.
CVE-2023-34048 has been described as an out-of-bounds write issue related to the implementation of the DCERPC protocol. It can allow an attacker who has network access to vCenter Server to remotely execute arbitrary code.
The issue, discovered by Grigory Dorodnov of Trend Micro’s Zero Day Initiative, was deemed so critical that VMware decided to release patches in October even for versions of the product that have reached an end-of-life (EoL) status.
VMware has now updated its initial security advisory to inform customers that it has confirmed exploitation of CVE-2023-34048 in the wild.
No information appears to be available at the time of writing on the attacks exploiting the vCenter Server vulnerability.
A public PoC exploit does not appear to exist, but technical details have been available since early December.
According to data from the Shadowserver Foundation, there are currently hundreds of potentially vulnerable internet-exposed instances of VMware vCenter Server.
It’s not uncommon for VMware products to be targeted by malicious actors in their attacks. The known exploited vulnerabilities catalog maintained by the US security agency CISA currently includes 21 VMware product flaws.
Related: CISA Tells US Agencies to Patch Exploited Roundcube, VMware Flaws
Related: VMware Urges Customers to Patch Critical Aria Automation Vulnerability
Related: Critical Authentication Bypass Flaw in VMware Cloud Director Appliance