DIVD-2023-00039 - VMware vCenter Server RCE
| Our reference | DIVD-2023-00039 |
| Case lead | Max van der Horst |
| Researcher(s) | |
| CVE(s) | |
| Products |
|
| Versions |
|
| Recommendation | Update vCenter Server to the patched versions provided. These are 8.0U1d or 8.0U2, 6.7U3 and 6.5U3. |
| Patch status | patch available |
| Workaround | There is no workaround for this issue. |
| Status | Open |
| Last modified | 21 Nov 2023 20:52 |
Summary
VMware issued security updates to fix a Remote Code Execution vulnerability in vCenter Server. The vulnerability has CVE ID CVE-2023-34048 and exists in all previous versions of vCenter server. Unauthenticated attackers are able to remotely exploit this vulnerability and could lead to complete takeover of the instance.
Recommendations
Because there is no workaround available, the advice is to take VMware vCenter off the public internet or limit access by Access Control Lists and update your vCenter instance as soon as possible.
What we are doing
DIVD is scanning for vulnerable instances by checking the standard VMware information endpoint. Owners of such systems will receive a notification with this casefile and remediation steps.
Timeline
| Date | Description |
|---|---|
| 25 Oct 2023 | DIVD starts researching CVE-2023-34048. |
| 26 Oct 2023 | DIVD starts scanning for vulnerable instances. |
gantt
title DIVD-2023-00039 - VMware vCenter Server RCE
dateFormat YYYY-MM-DD
axisFormat %e %b %Y
section Case
DIVD-2023-00039 - VMware vCenter Server RCE (still open) :2023-10-25, 2024-05-02
section Events
DIVD starts researching CVE-2023-34048. : milestone, 2023-10-25, 0d
DIVD starts scanning for vulnerable instances. : milestone, 2023-10-26, 0d