CRITICAL🚩 CISA KEV⚡ EXPLOIT🇵🇱 Wersja polska

CVE-2023-34048

CVSS 9.8v3.1pub. 2023-10-25upd. 2025-10-30

vCenter Server contains an out-of-bounds write vulnerability in the implementation of the DCERPC protocol. A malicious actor with network access to vCenter Server may trigger an out-of-bounds write potentially leading to remote code execution.

CVSS Vector
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
  • VMware Vcenter Server

    APP
    Vmware
    7.08.04.0 – 5.5

CISA KEV — detailsi

Vendori
VMware
Producti
vCenter Server
Added to KEVi
January 22, 2024
Remediation deadline (US Federal)i
February 12, 2024(overdue)
Required action (CISA)i

Apply mitigations per vendor instructions or discontinue use of the product if mitigations are unavailable.

CISA descriptioni

VMware vCenter Server contains an out-of-bounds write vulnerability in the implementation of the DCERPC protocol that allows an attacker to conduct remote code execution.

🔴
IMMEDIATE ACTION
Actively exploited in the wild (CISA KEV). Patch immediately.
CISA DEADLINE: 12 lutego 2024
Tags
RCEMemory
CWE
References

Related vulnerabilities

CVE-2024-38812CRITICAL9.8⚠ KEVPL ✓ten sam produkt

VMware vCenter Server — heap-overflow w DCERPC umożliwia RCE

CVE-2024-37079CRITICAL9.8⚠ KEVPL ✓ten sam produkt

Heap overflow w VMware vCenter Server via protokół DCERPC — RCE

CVE-2021-22005CRITICAL9.8⚠ KEVten sam produkt

The vCenter Server contains an arbitrary file upload vulnerability in the Analytics service. A malicious actor...

CVE-2021-21985CRITICAL9.8⚠ KEVten sam produkt

The vSphere Client (HTML5) contains a remote code execution vulnerability due to lack of input validation in t...

CVE-2021-21972CRITICAL9.8⚠ KEVten sam produkt

The vSphere Client (HTML5) contains a remote code execution vulnerability in a vCenter Server plugin. A malici...