Vulnerabilities

VMware vCenter Server Vulnerability Exploited in Wild 

VMware warns customers that CVE-2023-34048, a vCenter Server vulnerability patched in October 2023, is being exploited in the wild. 

VMware vulnerability

VMware is warning customers that CVE-2023-34048, a critical vCenter Server vulnerability patched in October 2023, is being exploited in the wild.

CVE-2023-34048 has been described as an out-of-bounds write issue related to the implementation of the DCERPC protocol. It can allow an attacker who has network access to vCenter Server to remotely execute arbitrary code.

The issue, discovered by Grigory Dorodnov of Trend Micro’s Zero Day Initiative, was deemed so critical that VMware decided to release patches in October even for versions of the product that have reached an end-of-life (EoL) status.

VMware has now updated its initial security advisory to inform customers that it has confirmed exploitation of CVE-2023-34048 in the wild. 

No information appears to be available at the time of writing on the attacks exploiting the vCenter Server vulnerability. 

A public PoC exploit does not appear to exist, but technical details have been available since early December.

According to data from the Shadowserver Foundation, there are currently hundreds of potentially vulnerable internet-exposed instances of VMware vCenter Server.

It’s not uncommon for VMware products to be targeted by malicious actors in their attacks. The known exploited vulnerabilities catalog maintained by the US security agency CISA currently includes 21 VMware product flaws

Advertisement. Scroll to continue reading.

Related: CISA Tells US Agencies to Patch Exploited Roundcube, VMware Flaws

Related: VMware Urges Customers to Patch Critical Aria Automation Vulnerability 

Related: Critical Authentication Bypass Flaw in VMware Cloud Director Appliance

Related Content

Vulnerabilities

Ivanti says a few more CSA zero-day vulnerabilities have been found to be exploited in attacks where they are chained with CVE-2024-8963.

Vulnerabilities

Google and Amnesty have seen evidence that a Qualcomm chipset vulnerability tracked as CVE-2024-43047 may be exploited in the wild.

Vulnerabilities

An Ivanti EPM SQL injection vulnerability tracked as CVE-2024-29824 has been exploited to target some of the company’s customers.

Vulnerabilities

Over 4,000 Adobe Commerce and Magento stores unpatched against an exploited vulnerability have been compromised.

Email Security

A critical-severity vulnerability in Zimbra has been exploited in the wild to deploy a web shell on vulnerable servers.

Vulnerabilities

CISA warns that years-old vulnerabilities in SAP Commerce, Gpac framework, and D-Link DIR-820 routers are exploited in the wild.

Vulnerabilities

CVE-2024-7593 is the third Ivanti product vulnerability patched in recent months that has been exploited in the wild.

Vulnerabilities

In addition to the Ivanti CSA flaw CVE-2024-8190, another vulnerability affecting the same product, tracked as CVE-2024-8963, has been exploited.

Copyright © 2024 SecurityWeek ®, a Wired Business Media Publication. All Rights Reserved.

Exit mobile version