This advisory is for organizations that use the VMware vCenter to manage virtual infrastructure. If your organization does not use this platform, this notification may be discarded.
VMware has issued patches for a vulnerability affecting the vCenter Server through the DCE/RPC (Distributed Computing Environment/Remote Procedure Call) protocol. An out of bounds write could make it possible for a potential attacker to remotely write code to a part of the memory where it would be executed with elevated permissions.
CVE-2023-34048 – VMware vCenter Server Out-of-Bounds Write Vulnerability
While VMware normally does not mention end-of-life products in VMware Security Advisories, due to the critical severity of this vulnerability and the lack of a workaround, VMware has made a patch generally available for vCenter Server 6.7U3, 6.5U3, and VCF 3.x.
For the same reasons, VMware has made additional patches available for vCenter Server 8.0U1.