VMware vSphere Users Beware of New Critical Vulnerability

CVECVE-2023-21673
CVSScvssV3_1: 8.7
SourceCVE-2023-21673

VMware vSphere, one of the most popular virtualization platforms, has been found to contain a critical vulnerability that could allow attackers to corrupt memory.

The vulnerability, tracked as CVE-2023-21673, receives a CVSS score of 8.7 out of 10 due to its potential impact. It involves improper access controls on the virtual machine (VM) resource manager. This could enable an attacker with network access to the vSphere management interface to potentially execute arbitrary code on the underlying host.

Attackers could exploit this vulnerability by sending specially crafted requests to the vSphere management interface. If successful, it would allow them to manipulate memory and potentially install malware or steal sensitive information like credentials or encrypted data.

If you use vSphere in your organization, you should make sure to apply the latest security updates from VMware as soon as possible. Keeping your vSphere installation up-to-date is one of the best ways to mitigate risks from vulnerabilities like this. You should also review access controls and make sure only authorized users can access the vSphere management interface over the network.

Staying on top of security bulletins and applying patches promptly is essential for keeping virtualization platforms secure. Take action now to patch your vSphere servers before attackers have a chance to exploit this critical vulnerability.

References