Uncovering VMware vCenter Server Vulnerabilities 2023: What You Need to Know

Josh More
On October 25, 2023, VMware disclosed two serious security vulnerabilities that affect its vCenter Server software, which is used to manage VMware virtualization environments. This software is required in all implementations of VMware and, for most organizations, is the primary method by which VMware is administered.

CVE-2023-34048 and CVE-2023-34056 allow an attacker to remotely take full control of vCenter Server and access sensitive data stored in the server. These vulnerabilities affect multiple versions of vCenter Server.

While CDI is not currently seeing exploitation attempts against these issues, they are critical and should be addressed as soon as possible. Abuse of these vulnerabilities could disrupt operations, provide access to sensitive data, and allow attackers to misuse your systems for malicious purposes. If these vulnerabilities are successfully exploited, the attacker could gain access to every system running in the VMware environment. This means that attackers could capture domain administrator passwords and sessions, capture sensitive data stored or accessed by virtual servers, deploy ransomware, or engage in similar activities.

While the issue is harder to exploit than some critical vulnerabilities that have made the news lately, because VMware vCenter is seldom directly exposed to the Internet, you should not be complacent. For many organizations, access to the internal network is gained through phishing or malicious links on websites and, once an attacker has internal access, this issue can be abused with relative ease.

CDI is prioritizing addressing this issue. If CDI manages your vCenter servers, you are covered and do not need to take any special action. However, if CDI does not manage your vCenter servers, we recommend that you review the VMware Security Advisory and take the necessary steps to mitigate the vulnerability as soon as possible.

If you are uncertain about the vulnerability’s impact on your network or require any assistance in implementing the recommended mitigation measures, please do not hesitate to reach out to us at [email protected], by visiting cdillc.com/vmware, or by contacting your Customer Success Manager. Our team is ready and able to assist you in ensuring the security and stability of your network infrastructure.

Josh More, Chief Information Security Officer, CDI

Bringing twenty years of information security experience to CDI, Josh More bridges the gaps between technology, security, and compliance. Internally, Josh guides the development of CDI’s services to maximize their effectiveness and flexibility to meet client needs, while also building in the appropriate controls to help clients select their appropriate security level and meet their regulatory requirements. Externally, Josh leads CDI’s security services consulting arm, helping clients meet these same needs with respect to their own systems and practices.