A critical vulnerability was recently disclosed that affects VMware's vCenter Server and Cloud Foundation. The consequences of this vulnerability may result in a malicious actor performing remote code execution. Specifics of the vulnerability can be found here.
CVE-2023-34048: VMware vCenter Server Out-of-Bounds Write Vulnerability
CVE-2023-34056: VMware vCenter Server Partial Information Disclosure Vulnerability
Affected Products: VMware vCenter Server VMware Cloud Foundation
Malicious actor(s) could perform remote code execution
Not known to be exploited in the wild
Mitigating the Vulnerability
It is recommended to update vCenter and Cloud Foundation as soon as possible. If you would like assistance with assessing exposure or best go forward plan, please reach out to your SymQuest Account Executive.