CVE-2023-34048

CRITICAL KEV NUCLEI

vCenter Server - Memory Corruption

Title source: llm

Description

vCenter Server contains an out-of-bounds write vulnerability in the implementation of the DCERPC protocol. A malicious actor with network access to vCenter Server may trigger an out-of-bounds write potentially leading to remote code execution.

Nuclei Templates (1)

VMware vCenter Server - Out-of-Bounds Write
CRITICALVERIFIEDby ritikchaddha
Shodan: title:"VMware VCenter"
FOFA: title="VMware VCenter"

References (3)

Scores

CVSS v3 9.8
EPSS 0.9321
EPSS Percentile 99.8%
Attack Vector NETWORK
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Details

CISA KEV 2024-01-22
VulnCheck KEV 2024-01-17
InTheWild.io 2024-01-22
ENISA EUVD EUVD-2023-38166
CWE
CWE-787
Status published
Products (3)
vmware/vcenter_server 7.0 (28 CPE variants)
vmware/vcenter_server 8.0 (8 CPE variants)
vmware/vcenter_server 4.0 - 5.5
Published Oct 25, 2023
KEV Added Jan 22, 2024
Tracked Since Feb 18, 2026