Critical Authentication Bypass Flaw in VMware Cloud Director Appliance

Cloud computing and virtualization technology giant VMware on Tuesday rushed out an urgent patch for a gaping authentication bypass bug affecting its Cloud Director Appliance product. The vulnerability, tagged as CVE-2023-34060, carries a CVSS severity score of 9.8 out of 10 and can be exploited by a malicious actor with network access to the appliance to …

VMware discloses critical VCD Appliance auth bypass with no patch

VMware disclosed a critical and unpatched authentication bypass vulnerability affecting Cloud Director appliance deployments. Cloud Director enables VMware admins to manage their organizations’ cloud services as part of Virtual Data Centers (VDC). The auth bypass security flaw only affects appliances running VCD Appliance 10.5 that were previously upgraded from an older release. The company also added …

VMware vCenter Flaw So Critical, Patches Released for End-of-Life Products

Virtualization technology powerhouse VMware is calling urgent attention to a critical remote code execution flaw haunting its vCenter Server and VMware Cloud Foundation products. The company said the vulnerability, tagged as CVE-2023-34048, allows a malicious hacker with network access to launch remote code execution exploits. A critical-severity advisory from VMware described the bug as an …

Week in review: VMware patches critical vulnerability, 1Password affected by Okta breach – Help Net Security

Here’s an overview of some of last week’s most interesting news, articles, interviews and videos:

GOAD: Vulnerable Active Directory environment for practicing attack techniques
Game of Active Directory (GOAD) is a free pentesting lab. It provides a vulnerable Active Directory environment for pen testers to practice common attack methods.

“Disappearing” implants, followed by first fixes for …

VMware fixes critical code execution flaw in vCenter Server

VMware issued security updates to fix a critical vCenter Server vulnerability that can be exploited to gain remote code execution attacks on vulnerable servers. vCenter Server is the central management hub for VMware’s vSphere suite, and it helps administrators manage and monitor virtualized infrastructure. The vulnerability (CVE-2023-34048) was reported by Grigory Dorodnov of Trend Micro’s Zero …

VMware Releases Patch for Critical vCenter Server RCE Vulnerability – Gridinsoft Blog

VMware has released a patch for a critical vulnerability in the vCenter Server with a high CVSS score. This vulnerability allows a remote unauthorized user to execute arbitrary code on a target system.

RCE In VMware vCenter Server Receives a Fix

On October 25, 2023, VMware released a patch for a critical vulnerability CVE-2023-34048, which …

VMware patches critical vulnerability in vCenter Server (CVE-2023-34048) – Help Net Security

VMware has fixed a critical out-of-bounds write vulnerability (CVE-2023-34048) and a moderate-severity information disclosure flaw (CVE-2023-34056) in vCenter Server, its popular server management software.

About CVE-2023-34048 and CVE-2023-34056

CVE-2023-34048 allows an attacker with network access to a vulnerable vCenter Server virtual appliance to trigger an out-of-bounds write that can lead to remote code execution. It …

Act Now: VMware Releases Patch for Critical vCenter Server RCE Vulnerability

Oct 25, 2023NewsroomVulnerability / Cyber Threat VMware has released security updates to address a critical flaw in the vCenter Server that could result in remote code execution on affected systems. The issue, tracked as CVE-2023-34048 (CVSS score: 9.8), has been described as an out-of-bounds write vulnerability in the implementation of the DCE/RPC protocol. “A malicious … Read more

VMware reveals critical vuln you may have fixed already

VMware has disclosed a critical vulnerability in its vCenter Server – and that it issued an update to fix it weeks ago, along with patches for unsupported versions of the software. The soon-to-be-acquired-by-Broadcom virtualization giant on Wednesday delivered news that its implementation of the Distributed Computing Environment/Remote Procedure Calls (DCERPC) protocol contains an out-of-bounds write …