Tech Support
Documentation
Login
Contact Us
Critical VMware vCenter Server Vulnerability Fixed
Rohan Timalsina
November 1, 2023 - TuxCare expert team
VMware has recently issued important security updates to address a critical vulnerability in its vCenter Server, which is a crucial component for managing virtualized infrastructure. This update is essential to protect your systems from remote code execution attacks.
vCenter Server serves as the central management hub for VMware’s vSphere suite. It is essential for assisting administrators in effectively managing and monitoring virtualized infrastructure. In essence, it’s the control panel for your virtualized environment.
vCenter Server Vulnerability and Its Implications
This particular vulnerability, known as CVE-2023-34048, was discovered by Grigory Dorodnov from Trend Micro’s Zero Day Initiative. It stems from an out-of-bounds write weakness in vCenter’s DCE/RPC protocol implementation. The concerning aspect is that unauthenticated attackers can exploit it remotely, and the attack process doesn’t require much complexity or user interaction. As of now, there’s no evidence to suggest that this vulnerability is actively being used in attacks.
What’s Being Done About It?
To address this critical issue, VMware has rolled out security patches through its standard vCenter Server update mechanisms. Given the severity of the vCenter Server vulnerability, VMware has also taken the proactive step of providing patches for products that are no longer under active support.
As there is no workaround available for this vulnerability, VMware is strongly advising system administrators to take measures to strictly control network perimeter access to vSphere management components and interfaces. This includes components related to storage and networking. Pay special attention to network ports 2012/tcp, 2014/tcp, and 2020/tcp, as these are linked to potential exploitation in attacks targeting the vulnerability.
Another Vulnerability Addressed
In addition to the critical vulnerability, VMware has also patched a partial information disclosure vulnerability, tracked as CVE-2023-34056. While this vulnerability has a lower severity score, it could still be leveraged by threat actors with non-administrative privileges on vCenter servers to access sensitive data. So, it’s crucial to keep your systems up-to-date.
Final Thoughts
VMware acknowledges the importance of addressing the vCenter Server vulnerability urgently. In their FAQ document, they state, “This would be considered an emergency change, and your organization should consider acting quickly.” However, they also emphasize that the appropriate security response depends on the specific context of your organization. Therefore, it’s advisable to consult with your organization’s information security staff to determine the best course of action for your specific situation.
In summary, keeping your systems updated with the latest security patches is essential to protect your data and infrastructure. VMware is taking steps to ensure the safety of its users, and it’s crucial that you act swiftly to apply these updates. Your organization’s security is of utmost importance, and vigilance is the key to maintaining a secure environment.
The sources of this article include a story from BleepingComputer.
