PSA: New VMware vCenter Vulnerability

By Carlo Costanzo
Posted in Security, Virtualization
On October 25, 2023

During our internal tech brief, Tim Husar brought to everyone’s attention a new vulnerability announced by VMware. This critical issue is an out-of-bounds write vulnerability in the implementation of the DCERPC protocol. VMware has evaluated the severity of this issue to be in the Critical severity range, with a maximum CVSSv3 base score of 9.8. The out-of-bounds write could allow a malicious actor to execute code remotely.

The issue affects most versions of vCenter in production and VMware has issued patches for all of these systems. VMware has even taken steps to issue updates to End of Support versions such as 6.5 and 6.7. (If you are still running 6.0 – I mean – it’s probably time to speak to us about our Managed Services offerings!)

For a full breakdown of the vulnerability and links to patches, please visit the VMware release blog here.

Stay Safe out there!
Carlo

Carlo Costanzo

I am a seasoned Senior Consultant with over 25 years of experience in designing and implementing complex VMware, Microsoft, and Citrix solutions. Through my writing and contributions, I provide valuable insights into the latest technical advancements.