PatchSiren

CVE-2023-34048 VMware CVE debrief

CVE-2023-34048 affects VMware vCenter Server and is described as an out-of-bounds write vulnerability. CISA added it to the Known Exploited Vulnerabilities catalog on 2024-01-22, with remediation due by 2024-02-12, so affected environments should treat it as a priority issue and follow vendor guidance promptly.

Vendor: VMware
Product: vCenter Server
CVSS: Unknown
CISA KEV: Listed
Original CVE published: 2024-01-22
Original CVE updated: 2024-01-22
Advisory published: 2024-01-22
Advisory updated: 2024-01-22

Who should care

VMware vCenter Server administrators, virtualization and infrastructure teams, vulnerability management teams, and incident responders.

Technical summary

The supplied corpus identifies CVE-2023-34048 as an out-of-bounds write issue in VMware vCenter Server and places it in CISA’s Known Exploited Vulnerabilities catalog. The source metadata points to VMware’s advisory VMSA-2023-0023 and the NVD record for additional official reference, but no CVSS score or exploit narrative is included in the corpus.

Defensive priority

Urgent

Recommended defensive actions

  • Apply mitigations per VMware’s vendor instructions as soon as possible.
  • If mitigations are unavailable, discontinue use of the product per CISA guidance.
  • Prioritize remediation to meet the CISA KEV due date of 2024-02-12.
  • Verify which VMware vCenter Server instances are in scope for this CVE.
  • Monitor the official CVE, NVD, CISA KEV, and VMware advisory references for updates.

Evidence notes

The supplied source item marks this vulnerability as a CISA KEV entry for VMware vCenter Server, with dateAdded 2024-01-22 and dueDate 2024-02-12. The source metadata explicitly includes the required action to apply vendor mitigations or discontinue use if mitigations are unavailable, and it references VMware advisory VMSA-2023-0023 plus the NVD record. No CVSS score was provided in the supplied corpus.

Official resources

CVE-2023-34048 was published and modified on 2024-01-22 in the supplied timeline. CISA added it to the KEV catalog the same day, with a due date of 2024-02-12.