On 25 October 2023 VMware published a security advisory for CVE-2023-34048, a critical out-of-bounds write vulnerability that is fixed in VMware's latest updates. VMware rated the vulnerability critical because a remote, unauthenticated threat actor who successfully exploits it could achieve remote code execution.
CVE-2023-34048 was responsibly disclosed to VMware by security researchers. Arctic Wolf has not identified any reports of active exploitation or a publicly available proof-of-concept exploit at this time. However, several VMware vCenter Server and Cloud Foundation vulnerabilities have been exploited by threat actors in the past and have been added to CISA's Known Exploited Vulnerabilities Catalog.
Recommendations for CVE-2023-34048
Recommendation #1: Upgrade VMware vCenter Server and Cloud Foundation to Fixed Version
Arctic Wolf strongly recommends applying updates provided by VMware to upgrade affected products.
| Product | Affected Versions | Fixed Version |
|---|---|---|
| VMware vCenter Server | 8.0, 7.0, 6.7, 6.5 | 8.0U2, 8.0U1d, 7.0U3o, 6.7U3T, 6.5.0U3V |
| VMware Cloud Foundation | 5.x, 4.x, 3.x | 5.x and 4.x: KB88287; 3.x: KB95194 |
Note: Because of the critical severity of the vulnerability and the lack of available workarounds, VMware has made a patch generally available for vCenter Server 6.7U3, 6.5U3 and Cloud Foundation 3.x, even though these are end-of-life products no longer under active support.
Please follow your organisation's patching and testing guidelines to avoid operational impact.
Recommendation #2: Restrict Access to Ports 2012/tcp, 2014/tcp, and 2020/tcp
Arctic Wolf recommends strict network perimeter access control to all management interfaces of appliances as part of an overall effective security posture.
The following specific network ports are involved in CVE-2023-34048, and VMware recommends implementing strict network perimeter access control for them as part of your mitigation steps:
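One way to verify Recommendation #2 from a vantage point that should not have management access, as an added example that is not Arctic Wolf's or VMware's code: it checks whether the ports named in the recommendation complete a TCP handshake and flags any that do from a non-management network. The host name is a constructed placeholder, and the `probe` parameter is an assumption of this example so the classification logic can be exercised without a network.

```python
"""Check whether the CVE-2023-34048 ports are reachable from this vantage point."""
import socket
import sys

# Ports named in VMware's Recommendation #2 for CVE-2023-34048.
CVE_2023_34048_PORTS = (2012, 2014, 2020)


def tcp_port_open(host, port, timeout=2.0):
    """Return True if a TCP handshake to host:port completes within `timeout`.

    A completed handshake means the port is reachable from where this script
    runs, regardless of what the service behind it answers afterwards."""
    try:
        with socket.create_connection((host, port), timeout=timeout):
            return True
    except OSError:
        return False


def exposed_ports(host, ports=CVE_2023_34048_PORTS, probe=tcp_port_open):
    """Return the sorted list of `ports` reachable on `host` via `probe`."""
    return sorted(p for p in ports if probe(host, p))


def assess(host, from_management_network, ports=CVE_2023_34048_PORTS,
           probe=tcp_port_open):
    """Classify one host as seen from one vantage point.

    Returns (status, open_ports) where status is:
      "ok"       - none of the ports answered, the perimeter control holds;
      "expected" - ports answered, but this vantage point is the management
                   network that is supposed to reach vCenter;
      "finding"  - ports answered from a non-management network, so the
                   perimeter ACL recommended by VMware is not in place."""
    open_ports = exposed_ports(host, ports, probe)
    if not open_ports:
        status = "ok"
    elif from_management_network:
        status = "expected"
    else:
        status = "finding"
    return status, open_ports


if __name__ == "__main__":
    # Constructed placeholder; run this from a workstation or server VLAN
    # that should NOT have management access to the vCenter appliance.
    target = sys.argv[1] if len(sys.argv) > 1 else "vcsa.example.internal"
    status, ports = assess(target, from_management_network=False)
    print(f"{target}: {status} open={ports}")
```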