
VMware vCenter Server updates address out-of-bounds write and information disclosure vulnerabilities (CVE-2023-34048, CVE-2023-34056)

Advisory No: TZCERT/SA/2023/10/27

Date of First Release: 27th October 2023

Source: VMware

Software Affected: VMware vCenter Server and VMware Cloud Foundation

Overview:

Two vulnerabilities affecting VMware vCenter Server and VMware Cloud Foundation have been disclosed. These vulnerabilities may lead to an out-of-bounds write, potentially resulting in remote code execution.

Description:

VMware products are affected by multiple flaws that could result in a critical out-of-bounds write (CVE-2023-34048) and in access to unauthorized data by a user with non-administrative privileges (CVE-2023-34056). Successful exploitation of the critical flaw may allow an attacker to trigger an out-of-bounds write leading to remote code execution.

Impact:

Successful exploitation of these vulnerabilities may allow an attacker to take control of an affected system.

Solution:

VMware has released patches for these vulnerabilities. Users and administrators are encouraged to apply all necessary updates.

References:

  1. https://www.vmware.com/security/advisories/VMSA-2023-0023.html
  2. https://thehackernews.com/2023/10/act-now-vmware-releases-patch-for.html
