9.8

CVE-2023-34048

Warning
Exploit

vCenter Server contains an out-of-bounds write vulnerability in the implementation of the DCERPC protocol. A malicious actor with network access to vCenter Server may trigger an out-of-bounds write potentially leading to remote code execution.

Data is provided by the National Vulnerability Database (NVD)
VMwareVcenter Server Version >= 4.0 <= 5.5
VMwareVcenter Server Version7.0 Update-
VMwareVcenter Server Version7.0 Updatea
VMwareVcenter Server Version7.0 Updateb
VMwareVcenter Server Version7.0 Updatec
VMwareVcenter Server Version7.0 Updated
VMwareVcenter Server Version7.0 Updateupdate1
VMwareVcenter Server Version7.0 Updateupdate1a
VMwareVcenter Server Version7.0 Updateupdate1c
VMwareVcenter Server Version7.0 Updateupdate1d
VMwareVcenter Server Version7.0 Updateupdate2
VMwareVcenter Server Version7.0 Updateupdate2a
VMwareVcenter Server Version7.0 Updateupdate2b
VMwareVcenter Server Version7.0 Updateupdate2c
VMwareVcenter Server Version7.0 Updateupdate2d
VMwareVcenter Server Version7.0 Updateupdate3
VMwareVcenter Server Version7.0 Updateupdate3a
VMwareVcenter Server Version7.0 Updateupdate3c
VMwareVcenter Server Version7.0 Updateupdate3d
VMwareVcenter Server Version7.0 Updateupdate3e
VMwareVcenter Server Version7.0 Updateupdate3f
VMwareVcenter Server Version7.0 Updateupdate3g
VMwareVcenter Server Version7.0 Updateupdate3h
VMwareVcenter Server Version7.0 Updateupdate3i
VMwareVcenter Server Version7.0 Updateupdate3j
VMwareVcenter Server Version7.0 Updateupdate3k
VMwareVcenter Server Version7.0 Updateupdate3l
VMwareVcenter Server Version7.0 Updateupdate3m
VMwareVcenter Server Version7.0 Updateupdate3n
VMwareVcenter Server Version8.0 Update-
VMwareVcenter Server Version8.0 Updatea
VMwareVcenter Server Version8.0 Updateb
VMwareVcenter Server Version8.0 Updatec
VMwareVcenter Server Version8.0 Updateupdate1
VMwareVcenter Server Version8.0 Updateupdate1a
VMwareVcenter Server Version8.0 Updateupdate1b
VMwareVcenter Server Version8.0 Updateupdate1c

22.01.2024: CISA Known Exploited Vulnerabilities (KEV) Catalog

VMware vCenter Server Out-of-Bounds Write Vulnerability

Vulnerability

VMware vCenter Server contains an out-of-bounds write vulnerability in the implementation of the DCERPC protocol that allows an attacker to conduct remote code execution.

Description

Apply mitigations per vendor instructions or discontinue use of the product if mitigations are unavailable.

Required actions
EPSS Metriken
Type Source Score Percentile
EPSS FIRST.org 92.9% 0.998
CVSS Metriken
Source Base Score Exploit Score Impact Score Vector string
nvd@nist.gov 9.8 3.9 5.9
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
security@vmware.com 9.8 3.9 5.9
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
CWE-787 Out-of-bounds Write

The product writes data past the end, or before the beginning, of the intended buffer.