Vulnerability Details CVE-2023-34048
vCenter Server contains an out-of-bounds write vulnerability in the implementation of the DCERPC protocol. A malicious actor with network access to vCenter Server may trigger an out-of-bounds write potentially leading to remote code execution.
Exploit prediction scoring system (EPSS) score
EPSS Score 0.933
EPSS Ranking 99.8%
CVSS Severity
CVSS v3 Score 9.8
Proposed Action
VMware vCenter Server contains an out-of-bounds write vulnerability in the implementation of the DCERPC protocol that allows an attacker to conduct remote code execution.
Ransomware Campaign
Unknown
References
- https://www.vmware.com/security/advisories/VMSA-2023-0023.html
- https://www.vicarius.io/vsociety/posts/understanding-cve-2023-34048-a-zero-day-out-of-bound-write-in-vcenter-server
- https://www.vmware.com/security/advisories/VMSA-2023-0023.html
- https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2023-34048
Products affected by CVE-2023-34048
-
cpe:2.3:a:vmware:vcenter_server:4.0
-
cpe:2.3:a:vmware:vcenter_server:4.0.0.10021
-
cpe:2.3:a:vmware:vcenter_server:4.0.0.12305
-
cpe:2.3:a:vmware:vcenter_server:4.1
-
cpe:2.3:a:vmware:vcenter_server:4.1.0.12319
-
cpe:2.3:a:vmware:vcenter_server:4.1.0.14766
-
cpe:2.3:a:vmware:vcenter_server:4.1.0.17435
-
cpe:2.3:a:vmware:vcenter_server:5.0
-
cpe:2.3:a:vmware:vcenter_server:5.0.0.16964
-
cpe:2.3:a:vmware:vcenter_server:5.5
-
cpe:2.3:a:vmware:vcenter_server:7.0
-
cpe:2.3:a:vmware:vcenter_server:8.0