Platform
- Platform
- Platform Overview
  All Technology Asset Intelligence in 1 place.
- Asset Discovery
  In-depth discovery across the technology estate.
- Asset Inventory
  All asset data unified in one place.
- Asset Analytics
  Empower your decision-making with trusted data.
TRY NOW
Why Lansweeper?
- Why Lansweeper?
- Why Lansweeper?
  Lansweeper helps you to minimize risks and optimize your IT by providing actionable insight into your entire technology estate.
- By Role
  Complete visibility for everyone.
  For System Administrators For IT Managers For C-suite For Cybersecurity Teams For IT Support For MSPs
- By Use Case
  Fuel any IT scenario.
  Discover & Inventory My IT Assets OT Asset Management Replace Inventory Spreadsheets Enhance Cybersecurity Improve CMDB Data Quality Achieve Service Desk Excellence
- By Industry
  Flexibility for your industry.
  Education Healthcare Manufacturing Public Sector
TRY NOW
Integrations
Partners
- Partners
- Partner Ecosystem
  Leverage the power of our data to accelerate growth.
- MSP
  Exceed customer expectations with data-driven managed services.
- ISV Technology Partners
  Integrate or embed our technology to build smarter solutions.
- Channel Partners
  Whether you service, distribute, consult, or resell – we have partner programs to help you grow.
- Find a partner
  Find a trusted Lansweeper certified partner.
TRY NOW
Pricing
Resources
- Resources
- Resources
  Browse resources tailored to your needs.
- Blog
  Discover the latest product news, pro tips, and more.
- Support Help Center
  Need help? Browse extensive resources.
- Success Stories
- Ebooks & White Papers
  Detailed documents you can download for free.
- Webinars & Events
  Register for live or virtual events.
- Report Library
  Browse our extensive audit report library.
- Community
  Start a conversation with your peers.
- Developer Portal
TRY NOW

TRY NOW

Vulnerability

Critical RCE Vulnerability Fixed in VMware vCenter Server

2 min. read

26/10/2023

By Esben Dochy

⚡ TL;DR | Go Straight to the VMware vCenter Server Vulnerability Audit Report

Vmware has released an update for vCenter Server addressing 2 new vulnerabilities, one of which is critical. If successfully exploited this vulnerability could allow an unauthenticated attacker to execute remote code in low-complexity attacks that don’t require user interaction. We have added a new report to Lansweeper to help you identify any at-risk deployments of vCenter Server.

VMware vCenter Server Vulnerability CVE-2023-34048

The new VMware vCenter Server update includes fixes for 2 vulnerabilities, 1 of which is critical. The vulnerability tracked as CVE-2023-34048 received a critical CVSS score of 9.8. It is an out-of-bounds write vulnerability in the implementation of the DCERPC protocol. If successfully exploited an attacker with network access to vCenter Server could trigger an out-of-bounds write which can in turn lead to remote code execution. This could compromise confidential data and even lead to theft or fraud.

A second vulnerability (CVE-2023-34056) was also fixed. This partial information disclosure vulnerability received a CVSS score of 4.3 and could allow a malicious actor with non-administrative privileges access to unauthorized data. You can find all the details in VMware’s advisory.

Update Vulnerable vCenter Server Deployments

VMware has released updates for vCenter Server 7.0 and 8.0, and VMware Cloud Foundation 5.x and 4.x. The updates are available through the usual channels. The fixed versions are 8.0U2, 8.0U1, 7.0U3o, and KB88287. Due to the critical nature of this vulnerability, they also released patches for a number of end-of-life products. Specifically 6.7U3, 6.5U3, and VCF 3.x have been patched. For the full details, as well as links to the patches and updates, make sure to check the advisory page from VMware.

Discover At-Risk vCenter Server Deployments

We have added a new vulnerability report to Lansweeper to help you locate any at-risk vCenter Server deployments in your network. This will give you an actionable list of devices that may be vulnerable and still require you to take action. Do note that this report only lists instances of vCenter Server, and not Cloud Foundation. You can get the report via the link below.

Run the VMware vCenter Server Vulnerability Audit

STAY UPDATED

Receive the latest vulnerability audit reports

Sign up for free.

"*" indicates required fields

Email*

Hidden

EmailType

Hidden

IM – Conv Page – Processing

Hidden

IM – UTM_Campaign FC – Processing

Hidden

IM – UTM_Campaign LC – Processing

Hidden

IM – UTM_Content FC – Processing

Hidden

IM – UTM_Content LC – Processing

Hidden

IM – UTM_Medium FC – Processing

Hidden

IM – UTM_Medium LC – Processing

Hidden

IM – UTM_Source FC – Processing

Hidden

IM – UTM_Source LC – Processing

Hidden

IM – UTM_Term FC – Processing

Hidden

IM – UTM_Term LC – Processing

Hidden

gclid

Hidden

msclkid

Phone

This field is for validation purposes and should be left unchanged.

NO CREDIT CARD REQUIRED

Ready to get started?
You’ll be up and running in no time.

Explore all our features, free for 14 days.

TRY NOW TALK TO SALES