VMware warns of critical vulnerability affecting vCenter Server product
Cloud computing giant VMware warned this week of new vulnerabilities affecting a server management product present in VMware vSphere and Cloud Foundation (VCF) products.
The affected product, VMware vCenter Server, provides a centralized platform for controlling customers’ vSphere environments.
Discovered by Grigory Dorodnov of Trend Micro Zero Day Initiative, the bug allows a hacker to compromise vulnerable servers.
VMware noted that while it typically does not mention end-of-life products in most advisories, “due to the critical severity of this vulnerability and lack of workaround VMware has made a patch generally available for vCenter Server 6.7U3, 6.5U3, and VCF 3.x.”
VMware noted that because it affects the popular vCenter Server, “the scope is large” and customers should consider this an “emergency change” that necessitates “acting quickly.”
The company is not currently aware of exploitation “in the wild.”
Viakoo Labs Vice President John Gallagher said the vulnerability is “as serious as it gets” because vCenter Server is a widely used centralized platform for managing multiple VMware instances and is used by a wide range of organizations and engineering teams.
“Successful exploit of this CVE gives complete access to the environment, and enables remote code execution for further exploitation. A sign of how deeply serious this is can be seen in how VMware has published patches for older, end of support/end of life versions of the product,” Gallagher said.
“Given the breadth of usage and how even older versions are still being used, it’s likely that patching will take some time leaving open the ‘window of vulnerability’ for some time.”
Irfan Asrar, director of threat research at Qualys, backed Gallagher’s assessment, warning that the affected products are “highly prevalent applications with large enterprise customers globally.”
“Given the fact that it’s a remote code exploit with a high severity score, organizations should take this very seriously, especially with the current geopolitical climate,” Asrar added. “Other than the obvious use case as a vector for ransomware, this could also be used to send messages by threat actors on a hacktivist agenda.”
Ransomware gangs have a history of targeting VMware vCenter servers, with several groups going after the products using Log4Shell attacks.
Jonathan Greig is a Breaking News Reporter at Recorded Future News. Jonathan has worked across the globe as a journalist since 2014. Before moving back to New York City, he worked for news outlets in South Africa, Jordan and Cambodia. He previously covered cybersecurity at ZDNet and TechRepublic.