Uncovering VMWare vCenter Server Vulnerabilities 2023: What You Need to Know
On October 25, 2023, VMware disclosed two serious security vulnerabilities that affect their vCenter Server software, which is used to manage their virtualization environments. This software is required in all implementations of VMware and, for most organizations, is the primary method by which VMware is administrated.
CVE-2023-34048 and CVE-2023-34056 allow an attacker to remotely take full control of vCenter Server and access sensitive data stored in the server. These vulnerabilities affect multiple versions of vCenter Server.
While CDI is not currently seeing exploitation attempts on these issues, they are critical and should be addressed as soon as possible. Abuse of these vulnerabilities could disrupt operations, provide access to sensitive data, and allow attackers to misuse your systems for malicious purposes. If these vulnerabilities are successfully exploited, the attacker could gain access to every system running in the VMware environment. This means that attackers could have the ability to capture domain administrator passwords and sessions, sensitive data stored or accessed by virtual servers, deploy ransomware, or engage in similar activities.
While the issue is harder to exploit than some critical vulnerabilities that have made the news lately, as VMware vCenter is seldom directly exposed to the Internet, you should not be complacent. For many organizations, access to the internet network is gained through phishing or malicious links on websites and, once an attacker has internal access, this issue can be abused with relative ease.
CDI is prioritizing addressing this issue. If CDI manages your vCenter servers, you are covered and do not need to take any special action. However, if CDI does not manage your vCenter servers we recommend that you review the VMware Security Advisory and take the necessary steps to mitigate the vulnerability as soon as possible.
If you are uncertain about the vulnerability’s impact on your network or require any assistance in implementing the recommended mitigation measures, please do not hesitate to reach out to us at [email protected], by visiting cdillc.com/vmware, or by contacting your Customer Success Manager. Our team is ready and able to assist you in ensuring the security and stability of your network infrastructure.