In an advisory issued on January 17, 2024 (VMSA-2023-0023.1), VMware confirmed that CVE-2023-34048 (CVSS 9.8) is being actively exploited in the wild.
The flaw impacts vCenter Server and consists of an out-of-bounds write vulnerability in the Distributed Computing Environment (DCE)/ Remote Procedure Call (RPC) protocol potentially enabling an attacker with network access to the vulnerable instance to achieve conditions for remote code execution.
There are no workarounds for the vulnerability. VMware has reportedly urged administrators to apply the patch which was released last October.
A cursory research via Shodan reveals over 2,000 VMware vCenter Server exposed to the internet and potentially vulnerable. Majority of these are located in the United States.
