CVE-2023-34048
| CVE Published | 2023-10-25 |
|---|---|
| Related CWE(s) | CWE-787: Out-of-bounds Write |
| Related Vendor(s) | vmware |
| Related Product(s) | vcenter_server |
| Exploitation Reported (CISA KEV) | 2024-01-22 |
| CVSS 3 Base Score | 9.8 (CRITICAL) |
| CVSS 3 Attack Complexity | LOW |
| CVSS 3 Attack Vector | NETWORK |
vCenter Server contains an out-of-bounds write vulnerability in the implementation of the DCERPC protocol. A malicious actor with network access to vCenter Server may trigger an out-of-bounds write potentially leading to remote code execution.
Cyber Threat Graph Context
Explore how this CVE relates to the wider threat graph
Threat Reports Related to CVE-2023-34048
Report
Cloaked and Covert: Uncovering UNC3886 Espionage Operations
This article by researchers from Google's Mandiant outlines intrusion activity by UNC3886, a suspected China-nexus cyber espionage group. The ...
Report
Chinese Espionage Group UNC3886 Found Exploiting CVE-2023-34048 Since Late 2021
This short post from Mandiant researchers details how UNC3886 were observed exploiting a zero-day vulnerability in VMWare tools for approximately ...
Report
We're All in this Together - A Year in Review of Zero-Days Exploited In-the-Wild in 2023
This report from Mandiant and Google Threat Analysis Group (TAG) presents combined analysis of zero day vulnerability exploitation in 2023. The ...