VMware has been discovered with two vulnerabilities, CVE-2023-34048 and CVE-2023-34056, which were associated with Out-of-Bounds Write and Partial Information Disclosure. The severity of these vulnerabilities was 9.8 (Critical) and 4.3 (Medium).
Both of these vulnerabilities existed on the VMware vCenter Server, a Server Management Software for managing virtual machines, ESXi hosts, and all other components from a centralized location.
VMware has fixed these vulnerabilities and has released a security advisory addressing these vulnerabilities.
CVE-2023-34048: VMware Out-of-Bounds Write Vulnerability
This vulnerability can be exploited by an attacker with network access to the vCenter Server, which could result in out-of-bounds write vulnerability, potentially leading to remote code execution. The severity of this vulnerability has been given as 9.8 (Critical).
This vulnerability has no workarounds, according to VMware’s security advisory.
CVE-2023-34056: VMware Information Disclosure Vulnerability
A threat actor can exploit this vulnerability with non-admin privileges to access unauthorized data. The severity for this vulnerability has been given as 4.3 (Medium).
Affected Products
Product | Version | Running On | CVE Identifier | CVSSv3 | Severity | Fixed Version | Workarounds | Additional Documentation |
VMware vCenter Server | 8 | Any | CVE-2023-34048, CVE-2023-34056 | 9.8, 4.3 | Critical | 8.0U2 | None | FAQ |
VMware vCenter Server | 8 | Any | CVE-2023-34048 | 9.8 | Critical | 8.0U1d | None | FAQ |
VMware vCenter Server | 7 | Any | CVE-2023-34048, CVE-2023-34056 | 9.8, 4.3 | Critical | 7.0U3o | None | FAQ |
VMware Cloud Foundation (VMware vCenter Server) | 5.x, 4.x | Any | CVE-2023-34048, CVE-2023-34056 | 9.8, 4.3 | Critical | KB88287 | None | FAQ |
Users of these products are recommended to upgrade to the latest versions to prevent these vulnerabilities from getting exploited.
Protect yourself from vulnerabilities using Patch Manager Plus to patch over 850 third-party applications quickly. Try a free trial to ensure 100% security.