VMware vCenter Server Out-of-Bounds Write Vulnerability

Added Jan. 22, 2024 • Due Feb. 12, 2024 • CVE-2023-34048

Overdue VMware / vCenter Server CWE-787

Description

VMware vCenter Server contains an out-of-bounds write vulnerability in the implementation of the DCERPC protocol that allows an attacker to conduct remote code execution.

Required Action

Apply mitigations per vendor instructions or discontinue use of the product if mitigations are unavailable.

References

https://www.vmware.com/security/advisories/VMSA-2023-0023.html
https://nvd.nist.gov/vuln/detail/CVE-2023-34048

Additional Information

Catalog Version: 2025.01.24
Catalog Released: Jan. 24, 2025
Days Until Due: 0 days
Last Updated: 7 months, 3 weeks ago