VMware fixes critical code execution flaw in vCenter Server (October 2023)
VMware issued security updates to fix a critical vCenter Server vulnerability that can be exploited to achieve remote code execution on vulnerable servers.
vCenter Server is the central management hub for VMware's vSphere suite, and it helps administrators manage and monitor virtualized infrastructure.
"While VMware does not mention end-of-life products in VMware Security Advisories, due to the critical severity of this vulnerability and lack of workaround VMware has made a patch generally available for vCenter Server 6.7U3, 6.5U3, and VCF 3.x," the company said.
"For the same reasons, VMware has made additional patches available for vCenter Server 8.0U1. Async vCenter Server patches for VCF 5.x and 4.x deployments have been made available."
In June, VMware patched multiple high-severity vCenter Server security flaws, mitigating code execution and authentication bypass risks.
The same week, VMware fixed an ESXi zero-day exploited by Chinese state hackers in data theft attacks and alerted customers to an actively exploited critical flaw in the Aria Operations for Networks analytics tool, which has since been patched.