9.8 High
CVSS3
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
HIGH
Integrity Impact
HIGH
Availability Impact
HIGH
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
10 High
AI Score
Confidence
High
0.044 Low
EPSS
Percentile
92.4%
The version of VMware vCenter Server installed on the remote host is 6.5 prior to 6.5U3v, 6.7 prior to 6.7U3t, 7.0 prior to 7.0U3o, or 8.0 prior to 8.0U1d. It is, therefore, affected by an out-of-bounds write vulnerability as referenced in the VMSA-2023-0023 advisory:
Note that Nessus has not tested for these issues but has instead relied only on the application’s self-reported version number.
#%NASL_MIN_LEVEL 80900
##
# (C) Tenable, Inc.
##
include('compat.inc');
if (description)
{
script_id(183957);
script_version("1.4");
script_set_attribute(attribute:"plugin_modification_date", value:"2024/06/21");
script_cve_id("CVE-2023-34048");
script_xref(name:"VMSA", value:"2023-0023");
script_xref(name:"CISA-KNOWN-EXPLOITED", value:"2024/02/12");
script_xref(name:"IAVA", value:"2023-A-0577-S");
script_name(english:"VMware vCenter Server 6.5 < 6.5U3v / 6.7 < 6.7U3t / 7.0 < 7.0U3o / 8.0 < 8.0U1d Out-of-bounds Write (VMSA-2023-0023)");
script_set_attribute(attribute:"synopsis", value:
"The VMware vCenter Server is affected by an out-of-bounds write vulnerability.");
script_set_attribute(attribute:"description", value:
"The version of VMware vCenter Server installed on the remote host is 6.5 prior to 6.5U3v, 6.7 prior to 6.7U3t, 7.0
prior to 7.0U3o, or 8.0 prior to 8.0U1d. It is, therefore, affected by an out-of-bounds write vulnerability as
referenced in the VMSA-2023-0023 advisory:
- vCenter Server contains an out-of-bounds write vulnerability in the implementation of the DCERPC protocol. A
malicious actor with network access to vCenter Server may trigger an out-of-bounds write potentially leading to
remote code execution. (CVE-2023-34048)
Note that Nessus has not tested for these issues but has instead relied only on the application's self-reported version
number.");
script_set_attribute(attribute:"see_also", value:"https://www.vmware.com/security/advisories/VMSA-2023-0023.html");
script_set_attribute(attribute:"see_also", value:"https://core.vmware.com/resource/vmsa-2023-0023-questions-answers");
script_set_attribute(attribute:"solution", value:
"Upgrade to VMware vCenter Server 6.5U3v, 6.7U3t, 7.0U3o, or 8.0U1d or later.");
script_set_cvss_base_vector("CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C");
script_set_cvss_temporal_vector("CVSS2#E:F/RL:OF/RC:C");
script_set_cvss3_base_vector("CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H");
script_set_cvss3_temporal_vector("CVSS:3.0/E:F/RL:O/RC:C");
script_set_attribute(attribute:"cvss_score_source", value:"CVE-2023-34048");
script_set_attribute(attribute:"exploitability_ease", value:"Exploits are available");
script_set_attribute(attribute:"exploit_available", value:"true");
script_set_attribute(attribute:"vuln_publication_date", value:"2023/10/25");
script_set_attribute(attribute:"patch_publication_date", value:"2023/10/25");
script_set_attribute(attribute:"plugin_publication_date", value:"2023/10/27");
script_set_attribute(attribute:"plugin_type", value:"remote");
script_set_attribute(attribute:"cpe", value:"cpe:/a:vmware:vcenter_server");
script_set_attribute(attribute:"stig_severity", value:"I");
script_end_attributes();
script_category(ACT_GATHER_INFO);
script_family(english:"Misc.");
script_copyright(english:"This script is Copyright (C) 2023-2024 and is owned by Tenable, Inc. or an Affiliate thereof.");
script_dependencies("vmware_vcenter_detect.nbin");
script_require_keys("Host/VMware/vCenter", "Host/VMware/version", "Host/VMware/release");
script_require_ports("Services/www", 80, 443);
exit(0);
}
include('vcf_extras.inc');
var app_info = vcf::vmware_vcenter::get_app_info();
var constraints = [
{ 'min_version' : '6.5', 'fixed_version' : '6.5.22499743', 'fixed_display' : '6.5 Build 22499743 (U3v)' },
{ 'min_version' : '6.7', 'fixed_version' : '6.7.22509723', 'fixed_display' : '6.7 Build 22509723 (U3t)' },
{ 'min_version' : '7.0', 'fixed_version' : '7.0.22357613', 'fixed_display' : '7.0 Build 22357613 (U3o)' },
{ 'min_version' : '8.0', 'fixed_version' : '8.0.22368047', 'fixed_display' : '8.0 Build 22368047 (U1d) or 8.0 Build 223857392 (U2)' }
];
vcf::check_version_and_report(
app_info:app_info,
constraints:constraints,
severity:SECURITY_HOLE
);
Vendor | Product | Version | CPE |
---|---|---|---|
vmware | vcenter_server | cpe:/a:vmware:vcenter_server |
9.8 High
CVSS3
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
HIGH
Integrity Impact
HIGH
Availability Impact
HIGH
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
10 High
AI Score
Confidence
High
0.044 Low
EPSS
Percentile
92.4%