Connect with us

Hi, what are you looking for?



VMware vCenter Server Vulnerability Exploited in Wild 

VMware warns customers that CVE-2023-34048, a vCenter Server vulnerability patched in October 2023, is being exploited in the wild. 

VMware vulnerability

VMware is warning customers that CVE-2023-34048, a critical vCenter Server vulnerability patched in October 2023, is being exploited in the wild.

CVE-2023-34048 has been described as an out-of-bounds write issue related to the implementation of the DCERPC protocol. It can allow an attacker who has network access to vCenter Server to remotely execute arbitrary code.

The issue, discovered by Grigory Dorodnov of Trend Micro’s Zero Day Initiative, was deemed so critical that VMware decided to release patches in October even for versions of the product that have reached an end-of-life (EoL) status.

VMware has now updated its initial security advisory to inform customers that it has confirmed exploitation of CVE-2023-34048 in the wild. 

No information appears to be available at the time of writing on the attacks exploiting the vCenter Server vulnerability. 

A public PoC exploit does not appear to exist, but technical details have been available since early December.

According to data from the Shadowserver Foundation, there are currently hundreds of potentially vulnerable internet-exposed instances of VMware vCenter Server.

It’s not uncommon for VMware products to be targeted by malicious actors in their attacks. The known exploited vulnerabilities catalog maintained by the US security agency CISA currently includes 21 VMware product flaws

Advertisement. Scroll to continue reading.

Related: CISA Tells US Agencies to Patch Exploited Roundcube, VMware Flaws

Related: VMware Urges Customers to Patch Critical Aria Automation Vulnerability 

Related: Critical Authentication Bypass Flaw in VMware Cloud Director Appliance

Written By

Eduard Kovacs (@EduardKovacs) is a managing editor at SecurityWeek. He worked as a high school IT teacher for two years before starting a career in journalism as Softpedia’s security news reporter. Eduard holds a bachelor’s degree in industrial informatics and a master’s degree in computer techniques applied in electrical engineering.


Daily Briefing Newsletter

Subscribe to the SecurityWeek Email Briefing to stay informed on the latest threats, trends, and technology, along with insightful columns from industry experts.

Gain valuable insights from industry professionals who will help guide you through the intricacies of industrial cybersecurity.


Join us for an in depth exploration of the critical nature of software and vendor supply chain security issues with a focus on understanding how attacks against identity infrastructure come with major cascading effects.


Expert Insights

Related Content


Less than a week after announcing that it would suspended service indefinitely due to a conflict with an (at the time) unnamed security researcher...

Data Breaches

OpenAI has confirmed a ChatGPT data breach on the same day a security firm reported seeing the use of a component affected by an...

IoT Security

A group of seven security researchers have discovered numerous vulnerabilities in vehicles from 16 car makers, including bugs that allowed them to control car...


A researcher at IOActive discovered that home security systems from SimpliSafe are plagued by a vulnerability that allows tech savvy burglars to remotely disable...

Risk Management

The supply chain threat is directly linked to attack surface management, but the supply chain must be known and understood before it can be...


Patch Tuesday: Microsoft calls attention to a series of zero-day remote code execution attacks hitting its Office productivity suite.


Patch Tuesday: Microsoft warns vulnerability (CVE-2023-23397) could lead to exploitation before an email is viewed in the Preview Pane.


The latest Chrome update brings patches for eight vulnerabilities, including seven reported by external researchers.