CVE-2023-34048

CVE-2023-34048 is a critical out-of-bounds write vulnerability discovered in VMware's vCenter Server, a widely used server management software. This flaw in software design or implementation poses a high risk of exploitation and has a Common Vulnerability Scoring System (CVSSv3) score of 9.8 out of 10, indicating its severity. Alongside this, VMware also addressed a moderate-severity information disclosure flaw (CVE-2023-34056) affecting both the vCenter Server and VMware Cloud Foundation. The vulnerability CVE-2023-34048 was actively exploited by a Chinese hacking group as a zero-day since late 2021. By October, the issue escalated to the point where it was being used for remote code execution attacks, prompting VMware to take action. The company confirmed that the flaw was under active exploitation, which necessitated immediate remediation. In response to these threats, VMware released patches for both vulnerabilities in October. The company fixed the critical vCenter Server flaw (CVE-2023-34048), effectively preventing potential remote code execution attacks. Security advisories were issued, providing users with necessary guidance on addressing these vulnerabilities. As of now, the critical flaws have been mitigated, but users are strongly advised to apply the patches to protect their systems from potential exploits.