VMware has published a security advisory for a critical out-of-bounds write vulnerability (CVE-2023-34048), which is fixed in VMware's latest updates. VMware has given the vulnerability covered in this Cybersecurity Threat Advisory a critical severity rating. If successfully exploited, it could allow a remote, unauthenticated threat actor to achieve remote code execution.
The vulnerability poses a severe risk, with a CVSS severity score of 9.8 out of 10. An unauthenticated, malicious actor can inject files into the operating system of an impacted appliance. This can lead to remote code execution, meaning an attacker can potentially take control of the affected system and use it for various malicious activities, resulting in security breaches.
VMware is so concerned about the risk posed by this vulnerability that they have released a patch for both current and older, unsupported versions of VMware.
If you are part of CSI's VMware Update Service, no action is required on your part.
If you are not, please immediately patch your systems to VMware's recommended patch levels.
If you need assistance getting your systems patched, please contact us.
-Scott Quimby, CISSP