VMware fixes critical code execution flaw in vCenter Server (Security News, October 2023)
VMware issued security updates to fix a critical vCenter Server vulnerability that can be exploited for remote code execution on vulnerable servers.
vCenter Server is the central management hub for VMware's vSphere suite, and it helps administrators manage and monitor virtualized infrastructure.
"While VMware does not mention end-of-life products in VMware Security Advisories, due to the critical severity of this vulnerability and lack of workaround, VMware has made a patch generally available for vCenter Server 6.7U3, 6.5U3, and VCF 3.x," the company said.
"For the same reasons, VMware has made additional patches available for vCenter Server 8.0U1. Async vCenter Server patches for VCF 5.x and 4.x deployments have been made available."
In June, VMware patched multiple high-severity vCenter Server security flaws, mitigating code execution and authentication bypass risks.
The same week, VMware fixed an ESXi zero-day exploited by Chinese state hackers in data theft attacks and alerted customers to an actively exploited critical flaw in the Aria Operations for Networks analytics tool, which has since been patched.
Related news
- VMware Releases vCenter Server Update to Fix Critical RCE Vulnerability
- VMware fixes critical vCenter Server RCE bug – again! (CVE-2024-38812)
- VMware fixes bad patch for critical vCenter Server RCE flaw
- Week in review: Fortinet patches critical FortiManager 0-day, VMware fixes vCenter Server RCE
- Critical RCE bug in VMware vCenter Server now exploited in attacks
- VMware fixes critical RCE, make-me-root bugs in vCenter - for the second time
- Critical 9.8-rated VMware vCenter RCE bug exploited after patch fumble
- Critical Zimbra RCE flaw exploited to backdoor servers using emails
- Critical Apache Avro SDK Flaw Allows Remote Code Execution in Java Applications
- GitHub Patches Critical Flaw in Enterprise Server Allowing Unauthorized Instance Access