Chinese Hackers Exploiting VMware 0-Day Flaw Since 2021

Mandiant and VMware recently uncovered a sophisticated cyber espionage campaign. The attackers, a Chinese group identified as UNC3886, leveraged a known vulnerability in VMware software (CVE-2023-34048) to maintain access to the targeted systems for over a year. This case highlights the importance of staying vigilant against persistent and evolving cyber threats. Mandiant’s investigation revealed that …

Chinese cyberspies exploited critical VMware vCenter flaw undetected for 1.5 years

In October, VMware fixed a critical remote code execution vulnerability in its vCenter Server (CVE-2023-34048) and Cloud Foundation enterprise products that are used to manage virtual machines across hybrid clouds. It has now come to light that a Chinese cyberespionage group had been exploiting the vulnerability for 1.5 years before the patch became available. “These …

Chinese Hackers Silently Weaponized VMware Zero-Day Flaw for 2 Years

Jan 20, 2024NewsroomZero Day / Cyber Espionage An advanced China-nexus cyber espionage group previously linked to the exploitation of security flaws in VMware and Fortinet appliances has been linked to the abuse of a critical vulnerability in VMware vCenter Server as a zero-day since late 2021. “UNC3886 has a track record of utilizing zero-day vulnerabilities … Read more

VMware confirms critical vCenter flaw now exploited in attacks

VMware has confirmed that a critical vCenter Server remote code execution vulnerability patched in October is now under active exploitation. vCenter Server is a management platform for VMware vSphere environments that helps administrators manage ESX and ESXi servers and virtual machines (VMs). “VMware has confirmed that exploitation of CVE-2023-34048 has occurred in the wild,” the …

Critical Authentication Bypass Flaw in VMware Cloud Director Appliance

Cloud computing and virtualization technology giant VMware on Tuesday rushed out an urgent patch for a gaping authentication bypass bug affecting its Cloud Director Appliance product. The vulnerability, tagged as CVE-2023-34060, carries a CVSS severity-score of 9.8 out of 10 and can be exploited by a malicious actor with network access to the appliance to …

VMware vCenter Flaw So Critical, Patches Released for End-of-Life Products

Virtualization technology powerhouse VMware is calling urgent attention to a critical remote code execution flaw haunting its vCenter Server and VMware Cloud Foundation products. The company said the vulnerability, tagged as CVE-2023-34048, allows a malicious hacker with network access to launch remote code execution exploits. A critical-severity advisory from VMware described the bug as an …

VMware Workspace Flaw Let Attacker Redirect User to Malicious Source

An open redirect vulnerability in the VMware Workspace ONE UEM console has been identified as CVE-2023-20886, which has a CVSS score of 8.8 and is classified as ‘Important’ in severity. By using this vulnerability, an attacker could redirect a victim to a malicious website where their SAML response is intended to be stolen. The victim’s Workspace ONE …

VMware fixes critical code execution flaw in vCenter Server

VMware issued security updates to fix a critical vCenter Server vulnerability that can be exploited to gain remote code execution attacks on vulnerable servers. vCenter Server is the central management hub for VMware’s vSphere suite, and it helps administrators manage and monitor virtualized infrastructure. The vulnerability (CVE-2023-34048) was reported by Grigory Dorodnov of Trend Micro’s Zero …

VMware vCenter Server Flaw Let Attacker Execute Remote Code

VMware has been discovered with two vulnerabilities, CVE-2023-34048 and CVE-2023-34056, which were associated with Out-of-Bounds Write and Partial Information Disclosure. The severity of these vulnerabilities was 9.8 (Critical) and 4.3 (Medium). Both of these vulnerabilities existed on the VMware vCenter Server, a Server Management Software for managing virtual machines, ESXi hosts, and all other components …

VMware Tools Flaw Let Attackers Escalate Privileges

Two high vulnerabilities have been discovered in VMware Tools, which were assigned with CVE-2023-34057 and CVE-2023-34058. These vulnerabilities were associated with Local Privilege Escalation and SAML Token Signature Bypass. The severities of these vulnerabilities are 7.5 (High) and 7.8 (High), respectively. One of these vulnerabilities existed in macOS. However, VMware has released patches and security …