25 October
Summary
VMware has released a notification for a critical vulnerability (CVE-2023-34048) in VMware vCenter Server and VMware Cloud Foundation. The vulnerability received a CVSSv3 score of 9.8. An attacker with network access to the vCenter Server may trigger an out-of-bounds write, potentially leading to remote code execution. An information disclosure vulnerability (CVE-2023-34056) was also found.
Affected products
VMware vCenter Server 8.0
VMware vCenter Server 7.0
VMware Cloud Foundation (VMware vCenter Server) 5.x and 4.x
Security resolution
VMware released security patches on 25th October addressing the critical vulnerability and an information disclosure vulnerability:
VMware vCenter Server 8.0U2
VMware vCenter Server 8.0u1d
VMware vCenter Server 7.0U3o
VMware Cloud Foundation (VMware vCenter Server) KB88287
More information can be found here.