Critical Vulnerability in VMware vCenter Server

Published on 26 Oct 2023 | Updated on 26 Oct 2023

VMware has released emergency security updates to address a critical vulnerability in VMware vCenter Server. The vulnerability (CVE-2023-34048) has a Common Vulnerability Scoring System (CVSSv3) score of 9.8 out of 10. 

Successful exploitation of the vulnerability can trigger an out-of-bounds write, potentially leading to remote code execution (RCE).

The vulnerability affects the following products:
  • VMware vCenter Server
  • VMware Cloud Foundation

Due to the critical severity of this vulnerability and the lack of a workaround, VMware has also issued updates for multiple end-of-life (EOL) product versions.

Users and administrators of affected products are advised to update to the latest version immediately.

More information is available here:
https://www.vmware.com/security/advisories/VMSA-2023-0023.html