Skip to the content.

DIVD-2023-00039 - VMware vCenter Server RCE

Our reference DIVD-2023-00039
Case lead Max van der Horst
Researcher(s)
CVE(s)
Products
  • VMware vCenter Server
Versions
  • All versions
Recommendation Update vCenter Server to the patched versions provided. These are 8.0U1d or 8.0U2, 6.7U3 and 6.5U3.
Patch status patch available
Workaround There is no workaround for this issue.
Status Open
Last modified 21 Nov 2023 20:52

Summary

VMware issued security updates to fix a Remote Code Execution vulnerability in vCenter Server. The vulnerability has CVE ID CVE-2023-34048 and exists in all previous versions of vCenter server. Unauthenticated attackers are able to remotely exploit this vulnerability and could lead to complete takeover of the instance.

Recommendations

Because there is no workaround available, the advice is to take VMware vCenter off the public internet or limit access by Access Control Lists and update your vCenter instance as soon as possible.

What we are doing

DIVD is scanning for vulnerable instances by checking the standard VMware information endpoint. Owners of such systems will receive a notification with this casefile and remediation steps.

Timeline

Date Description
25 Oct 2023 DIVD starts researching CVE-2023-34048.
26 Oct 2023 DIVD starts scanning for vulnerable instances.
gantt title DIVD-2023-00039 - VMware vCenter Server RCE dateFormat YYYY-MM-DD axisFormat %e %b %Y section Case DIVD-2023-00039 - VMware vCenter Server RCE (still open) :2023-10-25, 2024-03-04 section Events DIVD starts researching CVE-2023-34048. : milestone, 2023-10-25, 0d DIVD starts scanning for vulnerable instances. : milestone, 2023-10-26, 0d

More information