VMware has patched a critical out-of-bounds write vulnerability, tracked as CVE-2023-34048 (CVSS score 9.8), and a moderate-severity information disclosure flaw, tracked as CVE-2023-34056, in its widely used server management software, vCenter Server.
CVE-2023-34048 - Critical Out-of-Bounds Write
CVE-2023-34056 - Moderate Information Disclosure
Both vulnerabilities impact related products such as vSphere and Cloud Foundation (VCF). Because there are no workarounds available, VMware recommends that users patch as soon as possible. While the vulnerabilities were made public recently, some of the security updates were issued in late September. If you are a vCenter Server administrator and you consistently apply updates, your systems may already be safeguarded from potential exploitation.
INDICATORS OF COMPROMISE (IoCs)
At this time, there are no known IoCs associated with CVE-2023-34048 and CVE-2023-34056. Avertium remains vigilant in locating IoCs for our customers. Should any be located, Avertium will disclose them as soon as possible.