Advisory No: TZCERT/SA/2023/10/27
Date of First Release: 27th October 2023
Software Affected: VMware vCenter Server and VMware Cloud Foundation
Two vulnerabilities affecting VMware vCenter Server and VMware Cloud Foundation have been disclosed. These vulnerabilities may lead to out-of-bounds write potentially leading to remote code execution.
VMware products are affected by multiple flaws that could result into a critical out-of-bound write (CVE-2023-34048) and access to unauthorized data by non-administrative privileged user. Successful exploitation of the critical flaw may allow an attacker to trigger out-of-bound write leading to remote code execution.
Successful exploitation of these vulnerabilities may allow the attacker to take control of affected system.
VMware has released patches for these vulnerabilities. Users and administrators are encouraged to apply all necessary updates.