CVE-2023-34048

Опубликовано: 25 окт. 2023

Источник: nvd

CVSS3: 9.8

EPSS Критический

Описание

vCenter Server contains an out-of-bounds write vulnerability in the implementation of the DCERPC protocol. A malicious actor with network access to vCenter Server may trigger an out-of-bounds write potentially leading to remote code execution.

Ссылки

https://www.vmware.com/security/advisories/VMSA-2023-0023.html
Vendor Advisory
https://www.vicarius.io/vsociety/posts/understanding-cve-2023-34048-a-zero-day-out-of-bound-write-in-vcenter-server
Exploit
Third Party Advisory
https://www.vmware.com/security/advisories/VMSA-2023-0023.html
Vendor Advisory
https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2023-34048
US Government Resource

Уязвимые конфигурации

Конфигурация 1

Одно из

cpe:2.3:a:vmware:vcenter_server:*:*:*:*:*:*:*:*

Версия от 4.0 (включая) до 5.5 (включая)

cpe:2.3:a:vmware:vcenter_server:7.0:-:*:*:*:*:*:*

cpe:2.3:a:vmware:vcenter_server:7.0:a:*:*:*:*:*:*

cpe:2.3:a:vmware:vcenter_server:7.0:b:*:*:*:*:*:*

cpe:2.3:a:vmware:vcenter_server:7.0:c:*:*:*:*:*:*

cpe:2.3:a:vmware:vcenter_server:7.0:d:*:*:*:*:*:*

cpe:2.3:a:vmware:vcenter_server:7.0:update1:*:*:*:*:*:*

cpe:2.3:a:vmware:vcenter_server:7.0:update1a:*:*:*:*:*:*

cpe:2.3:a:vmware:vcenter_server:7.0:update1c:*:*:*:*:*:*

cpe:2.3:a:vmware:vcenter_server:7.0:update1d:*:*:*:*:*:*

cpe:2.3:a:vmware:vcenter_server:7.0:update2:*:*:*:*:*:*

cpe:2.3:a:vmware:vcenter_server:7.0:update2a:*:*:*:*:*:*

cpe:2.3:a:vmware:vcenter_server:7.0:update2b:*:*:*:*:*:*

cpe:2.3:a:vmware:vcenter_server:7.0:update2c:*:*:*:*:*:*

cpe:2.3:a:vmware:vcenter_server:7.0:update2d:*:*:*:*:*:*

cpe:2.3:a:vmware:vcenter_server:7.0:update3:*:*:*:*:*:*

cpe:2.3:a:vmware:vcenter_server:7.0:update3a:*:*:*:*:*:*

cpe:2.3:a:vmware:vcenter_server:7.0:update3c:*:*:*:*:*:*

cpe:2.3:a:vmware:vcenter_server:7.0:update3d:*:*:*:*:*:*

cpe:2.3:a:vmware:vcenter_server:7.0:update3e:*:*:*:*:*:*

cpe:2.3:a:vmware:vcenter_server:7.0:update3f:*:*:*:*:*:*

cpe:2.3:a:vmware:vcenter_server:7.0:update3g:*:*:*:*:*:*

cpe:2.3:a:vmware:vcenter_server:7.0:update3h:*:*:*:*:*:*

cpe:2.3:a:vmware:vcenter_server:7.0:update3i:*:*:*:*:*:*

cpe:2.3:a:vmware:vcenter_server:7.0:update3j:*:*:*:*:*:*

cpe:2.3:a:vmware:vcenter_server:7.0:update3k:*:*:*:*:*:*

cpe:2.3:a:vmware:vcenter_server:7.0:update3l:*:*:*:*:*:*

cpe:2.3:a:vmware:vcenter_server:7.0:update3m:*:*:*:*:*:*

cpe:2.3:a:vmware:vcenter_server:7.0:update3n:*:*:*:*:*:*

cpe:2.3:a:vmware:vcenter_server:8.0:-:*:*:*:*:*:*

cpe:2.3:a:vmware:vcenter_server:8.0:a:*:*:*:*:*:*

cpe:2.3:a:vmware:vcenter_server:8.0:b:*:*:*:*:*:*

cpe:2.3:a:vmware:vcenter_server:8.0:c:*:*:*:*:*:*

cpe:2.3:a:vmware:vcenter_server:8.0:update1:*:*:*:*:*:*

cpe:2.3:a:vmware:vcenter_server:8.0:update1a:*:*:*:*:*:*

cpe:2.3:a:vmware:vcenter_server:8.0:update1b:*:*:*:*:*:*

cpe:2.3:a:vmware:vcenter_server:8.0:update1c:*:*:*:*:*:*

EPSS

Процентиль: 100%

0.93213

Критический

9.8 Critical

CVSS3

Дефекты

CWE-787

Связанные уязвимости

GHSA-87j2-5g9j-7jmv

CVSS3: 9.8

github

больше 2 лет назад

BDU:2023-07140

CVSS3: 9.8

fstec

больше 2 лет назад

Уязвимость реализации протокола DCERPC программного обеспечения управления виртуальной инфраструктурой VMware vCenter Server, позволяющая нарушителю выполнить произвольный код

EPSS

Процентиль: 100%

0.93213

Критический

9.8 Critical

CVSS3

Дефекты

CWE-787