DIVD-2023-00039 - VMware vCenter Server RCE
Our reference | DIVD-2023-00039 |
Case lead | Max van der Horst |
Researcher(s) | |
CVE(s) | |
Products | |
Versions | |
Recommendation | Update vCenter Server to the patched versions provided. These are 8.0U1d or 8.0U2, 6.7U3 and 6.5U3. |
Patch status | patch available |
Workaround | There is no workaround for this issue. |
Status | Closed |
Last modified | 22 Jul 2024 10:53 CEST |
Summary
VMware issued security updates to fix a Remote Code Execution vulnerability in vCenter Server. The vulnerability has CVE ID CVE-2023-34048 and exists in all previous versions of vCenter Server. Unauthenticated attackers can exploit this vulnerability remotely, which could lead to complete takeover of the instance.
Recommendations
Because there is no workaround available, the advice is to take VMware vCenter off the public internet or limit access with Access Control Lists, and to update your vCenter instance as soon as possible.
What we are doing
DIVD is scanning for vulnerable instances by checking the standard VMware information endpoint. Owners of such systems will receive a notification with this casefile and remediation steps.
Timeline
Date | Description |
---|---|
25 Oct 2023 | DIVD starts researching CVE-2023-34048. |
26 Oct 2023 | DIVD starts scanning for vulnerable instances. |
22 Jul 2024 | Case closed, casefile was inactive for too long. |