Vulnerability Details CVE-2023-34048
vCenter Server contains an out-of-bounds write vulnerability in the implementation of the DCERPC protocol. A malicious actor with network access to vCenter Server may trigger an out-of-bounds write potentially leading to remote code execution.
Exploit prediction scoring system (EPSS) score
EPSS Score 0.917
EPSS Ranking 99.7%
CVSS Severity
CVSS v3 Score 9.8
Proposed Action
VMware vCenter Server contains an out-of-bounds write vulnerability in the implementation of the DCERPC protocol that allows an attacker to conduct remote code execution.
Ransomware Campaign
Unknown
References
Products affected by CVE-2023-34048
-
cpe:2.3:a:vmware:vcenter_server:4.0
-
cpe:2.3:a:vmware:vcenter_server:4.0.0.10021
-
cpe:2.3:a:vmware:vcenter_server:4.0.0.12305
-
cpe:2.3:a:vmware:vcenter_server:4.1
-
cpe:2.3:a:vmware:vcenter_server:4.1.0.12319
-
cpe:2.3:a:vmware:vcenter_server:4.1.0.14766
-
cpe:2.3:a:vmware:vcenter_server:4.1.0.17435
-
cpe:2.3:a:vmware:vcenter_server:5.0
-
cpe:2.3:a:vmware:vcenter_server:5.0.0.16964
-
cpe:2.3:a:vmware:vcenter_server:5.5
-
cpe:2.3:a:vmware:vcenter_server:7.0
-
cpe:2.3:a:vmware:vcenter_server:8.0