Security News > 2023 > October > VMware fixes critical code execution flaw in vCenter Server
VMware issued security updates to fix a critical vCenter Server vulnerability that can be exploited to gain remote code execution attacks on vulnerable servers.
vCenter Server is the central management hub for VMware's vSphere suite, and it helps administrators manage and monitor virtualized infrastructure.
"While VMware does not mention end-of-life products in VMware Security Advisories, due to the critical severity of this vulnerability and lack of workaround VMware has made a patch generally available for vCenter Server 6.7U3, 6.5U3, and VCF 3.x," the company said.
"For the same reasons, VMware has made additional patches available for vCenter Server 8.0U1. Async vCenter Server patches for VCF 5.x and 4.x deployments have been made available."
In June, VMware patched multiple high-severity vCenter Server security flaws, mitigating code execution and authentication bypass risks.
The same week, VMware fixed an ESXi zero-day exploited by Chinese state hackers in data theft attacks and alerted customers to an actively exploited critical flaw in the Aria Operations for Networks analytics tool, which has since been patched.
News URL
Related news
- Critical RCE bug in VMware vCenter Server now exploited in attacks (source)
- Critical 9.8-rated VMware vCenter RCE bug exploited after patch fumble (source)
- Warning: VMware vCenter and Kemp LoadMaster Flaws Under Active Exploitation (source)
- Critical Flaw in ProjectSend Under Active Exploitation Against Public-Facing Servers (source)
- New critical Apache Struts flaw exploited to find vulnerable servers (source)
- Sophos Firewall vulnerable to critical remote code execution flaw (source)
- Sophos discloses critical Firewall remote code execution flaw (source)