CVE-2023-34048: Critical RCE Vulnerability in VMware vCenter Server and Cloud Foundation

Share :

On 25 October 2023 VMware published a security advisory regarding a critical out-of-bounds write vulnerability (CVE-2023-34048) that has been fixed in the latest updates by VMware. The vulnerability has received a critical severity rating by VMware as it could potentially allow a remote, unauthenticated threat actor to achieve remote code execution if successfully exploited. 

CVE-2023-34048 was responsibly disclosed to VMware by security researchers. Arctic Wolf has not identified any reports of active exploitation or a publicly available proof of concept exploit at this time. However, several VMware vCenter Server and Cloud Foundation vulnerabilities have been exploited by threat actors in the past and have been added to CISA’s Known Exploited Vulnerabilities Catalog. 

Recommendations for CVE-2023-34048

Recommendation #1: Upgrade VMware vCenter Server and Cloud Foundation to Fixed Version 

Arctic Wolf strongly recommends applying updates provided by VMware to upgrade affected products. 




Affected Version 


Fixed Version 


VMware vCenter Server  8.0, 7.0, 6.7, 6.5  8.0U2, 8.0U1d, 7.0U3o, 6.7U3T, 6.5.0U3V 
VMware Cloud Foundation  5.x, 4.x, 3.x  5.x & 4.x: KB88287, 3.x: KB95194 


Note: Due to the critical severity of the vulnerability and the lack of workarounds available, VMware has made a patch generally available for vCenter Server 6.7U3, 6.5U3 and Cloud Foundation 3.x despite being end-of-life products and not under active support. 

Please follow your organisations patching and testing guidelines to avoid operational impact.  

Recommendation #2: Restrict Access to Ports 2012/tcp, 2014/tcp, and 2020/tcp 

Arctic Wolf recommends strict network perimeter access control to all management interfaces of appliances as part of an overall effective security posture.  

The following specific network ports are involved with CVE-2023-34048 and VMware recommends implementing strict network perimeter access control as part of your mitigation steps: 

  • 2012/tcp 
  • 2014/tcp 
  • 2020/tcp


  1. VMware advisory (CVE-2023-34048) 
  2. FAQ regarding VMware advisory (CVE-2023-34048)
James Liolios

James Liolios

James Liolios is a Senior Threat Intelligence Researcher at Arctic Wolf, where he keeps a watchful eye on the latest threats and threat actors to understand the potential impact to Arctic Wolf customers. He has a background of 9 years' experience in many areas of cybersecurity, holds a bachelor's degree in Information Security, and is also CISSP certified.
Share :
Table of Contents