Act Now VMware Releases Patch for Critical vCenter Server RCE Vulnerability


VMware has issued security upgrades to fix a major weakness in vCenter Server that might allow remote code execution on impacted computers. The vulnerability, identified as CVE-2023-34048 (CVSS score: 9.8), has been described as an out-of-bounds write vulnerability in the DCE/RPC protocol implementation.

“A malicious actor with network access to vCenter Server may trigger an out-of-bounds write, potentially leading to remote code execution,” VMware said in a security alert issued today. Grigory Dorodnov of Trend Micro Zero Day Initiative is credited with discovering and reporting the bug.

Read More…