VMware warns of critical vulnerability affecting vCenter Server product

Jason Macuray
Cloud computing giant VMware warned this week of new vulnerabilities affecting a server management product present in VMware vSphere and Cloud Foundation (VCF) products.

Cloud computing giant VMware warned this week of new vulnerabilities affecting a server management product present in VMware vSphere and Cloud Foundation (VCF) products.

The affected product, VMware vCenter Server, provides a centralized platform for controlling customers’ vSphere environments.

On Tuesday, the company released an advisory and FAQ document outlining concerns around CVE-2023-34048, a vulnerability with a critical CVSS severity score of 9.8 out of 10.

Discovered by Grigory Dorodnov of Trend Micro Zero Day Initiative, the bug allows a hacker to compromise vulnerable servers.

VMware noted that while it typically does not mention end-of-life products in most advisories, “due to the critical severity of this vulnerability and lack of workaround VMware has made a patch generally available for vCenter Server 6.7U3, 6.5U3, and VCF 3.x.”

VMware noted that because it affects the popular vCenter Server, “the scope is large” and customers should consider this an “emergency change” that necessitates “acting quickly.”

The company is not currently aware of exploitation “in the wild.”

Viakoo Labs Vice President John Gallagher said the vulnerability is “as serious as it gets” because vCenter Server is a widely-used centralized platform for managing multiple VMware instances, and is used by a wide range of organizations and engineering teams.

“Successful exploit of this CVE gives complete access to the environment, and enables remote code execution for further exploitation. A sign of how deeply serious this is can be seen in how VMware has published patches for older, end of support/end of life versions of the product,” Gallagher said.

“Given the breadth of usage and how even older versions are still being used, it’s likely that patching will take some time leaving open the ‘window of vulnerability’ for some time.”

Irfan Asrar, director of threat research at Qualys, backed Gallagher’s assessment, warning that the affected products are “highly prevalent applications with large enterprise customers globally.”

“Given the fact that it’s a remote code exploit with a high severity score, organizations should take this very seriously, especially with the current geopolitical climate,” Asrar added. “Other than the obvious use case as a vector for ransomware, this could also be used to send messages by threat actors on a hacktivist agenda.”

Ransomware gangs have a history of targeting VMWare vCenter servers with attacks, with several groups going after the products using Log4Shell attacks.

Get more insights with the

Recorded Future

Intelligence Cloud.

Learn more.

No previous article

No new articles

Jonathan Greig is a Breaking News Reporter at Recorded Future News. Jonathan has worked across the globe as a journalist since 2014. Before moving back to New York City, he worked for news outlets in South Africa, Jordan and Cambodia. He previously covered cybersecurity at ZDNet and TechRepublic.


Leave a Reply

Your email address will not be published. Required fields are marked *

Previous Post

UK government accused of ‘vandalism’ over abolishing biometrics safeguards

Next Post

CISA: Agencies seeing steep decrease in known exploited vulnerabilities on federal networks

Related Posts

60 New Malicious Packages Uncovered in NuGet Supply Chain Attack

Threat actors have been observed publishing a new wave of malicious packages to the NuGet package manager as part of an ongoing campaign that began in August 2023, while also adding a new layer of stealth to evade detection. The fresh packages, about 60 in number and spanning 290 versions, demonstrate a refined approach from the previous set that came to light in October 2023, software supply
Read More