VMware vCenter Server Vulnerability Exploited in Wild 

VMware warns customers that CVE-2023-34048, a vCenter Server vulnerability patched in October 2023, is being exploited in the wild. 

VMware vulnerability

VMware is warning customers that CVE-2023-34048, a critical vCenter Server vulnerability patched in October 2023, is being exploited in the wild.

CVE-2023-34048 has been described as an out-of-bounds write issue related to the implementation of the DCERPC protocol. It can allow an attacker who has network access to vCenter Server to remotely execute arbitrary code.

The issue, discovered by Grigory Dorodnov of Trend Micro’s Zero Day Initiative, was deemed so critical that VMware decided to release patches in October even for versions of the product that have reached an end-of-life (EoL) status.

VMware has now updated its initial security advisory to inform customers that it has confirmed exploitation of CVE-2023-34048 in the wild. 

No information appears to be available at the time of writing on the attacks exploiting the vCenter Server vulnerability. 

A public PoC exploit does not appear to exist, but technical details have been available since early December.

According to data from the Shadowserver Foundation, there are currently hundreds of potentially vulnerable internet-exposed instances of VMware vCenter Server.

It’s not uncommon for VMware products to be targeted by malicious actors in their attacks. The known exploited vulnerabilities catalog maintained by the US security agency CISA currently includes 21 VMware product flaws

Advertisement. Scroll to continue reading.

Related: CISA Tells US Agencies to Patch Exploited Roundcube, VMware Flaws

Related: VMware Urges Customers to Patch Critical Aria Automation Vulnerability 

Related: Critical Authentication Bypass Flaw in VMware Cloud Director Appliance

Related Content


Shadowserver Foundation has identified roughly 28,000 Microsoft Exchange servers impacted by a recent zero-day.


Attackers are exploiting a recent remote code execution flaw in the Bricks Builder WordPress plugin to deploy malware.


CISA has added CVE-2020-3259, an old Cisco ASA vulnerability exploited by ransomware, to its KEV catalog. 


Microsoft says a newly patched Exchange Server vulnerability (CVE-2024-21410) has been exploited in attacks.

Malware & Threats

Backdoor deployed using recent Ivanti VPN vulnerability enables command execution, web request and system log theft.

Email Security

CISA has added the Roundcube flaw tracked as CVE-2023-43770 to its known exploited vulnerabilities catalog.


Organizations urged to hunt for potential compromise as exploitation of a recent Ivanti enterprise VPN vulnerability begins.


Fortinet patches CVE-2024-21762, a critical remote code execution vulnerability that may have been exploited in the wild.

Copyright © 2024 SecurityWeek ®, a Wired Business Media Publication. All Rights Reserved.

Exit mobile version