Hello,
In case anyone missed the news of the day:
CVE-2023-34048, updates are available. Don’t wait too long if you’re exposed. I didn’t find a public POC yet, i think it won’t be long now.
Critical VMWARE vuln VMSA-2023-0023
+20Thanks for sharing!
Shane Williford - Veeam VMCA/VMCE | Veeam Legend | VUG Leader | VCP-DCV | Twitter: @coolsport00
+7Appreciate the heads up!
Tyler Jurgens | Senior Technical Product Marketing Manager | Former Veeam Legend x3 | vExpert ** | VMSP/VMTSP | VCP-2020 | VSP/VTSP | Tanzu Vanguard | VMUG Calgary Leader | VUG Canada Leader | https://explosive.cloud | @Tyler_Jurgens | BlueSky: @tylerjurgens.bsky.social
+21Saw this in the Security emails that I get for VMware but good to inform the community. Thanks for sharing.
Chris Childerhose - VMCA2024 | VMCE2023 | VMCE-SP2024 | Veeam Vanguard 8* | Veeam Legend 5* | vExpert 6* | VCAP-DCV/VCP-DCV | Object First Ace | Cisco Champion | Twitter: @cchilderhose | Blog Site – https://just-virtualization.tech
+9Got the email from VMware this AM. Most of us don’t allow public IP’s to hit our vCenter’s hopefully 🙂, but I’ll be doing the update when I can.
+7Firewalls just get in the way. If you put your vCenter and your hosts on a public IP, you’ll be able to access them anywhere!
Tyler Jurgens | Senior Technical Product Marketing Manager | Former Veeam Legend x3 | vExpert ** | VMSP/VMTSP | VCP-2020 | VSP/VTSP | Tanzu Vanguard | VMUG Calgary Leader | VUG Canada Leader | https://explosive.cloud | @Tyler_Jurgens | BlueSky: @tylerjurgens.bsky.social
+9TylerJurgens wrote:
Firewalls just get in the way. If you put your vCenter and your hosts on a public IP, you’ll be able to access them anywhere!
Better yet, forward 3399 to your home PC and enable RDP while you are away. It’s a great way for “Remote access” and cheaper than a VPN. Put that cost savings for a .com domain name to simplify needing an IP address even.
*disclaimer* If you don’t sense the sarcasm, please do not do this.
+2Yes, thank you for the sharing on this high scoring vulnerabilities.
The update must be done via the manual mount of the ISO not the VAMI.
Microsoft Azure Solutions Architect Expert, VMware Certified Professional - DCV 7, Citrix Certified Professional Virtualization (CCP-V), ITIL Practitioner
+11BertrandFR wrote:
Hello,
In case anyone missed the news of the day:
CVE-2023-34048, updates are available. Don’t wait too long if you’re exposed. I didn’t find a public POC yet, i think it won’t be long now.
Yes, VMware claims they have not found any evidence of the CVE-2023-34048 being exploited.
[Microsoft MVP | Veeam Legend (2021 -2025) | VMware vExpert 5x | Cisco Champion 3x | Object First Ace 2x]
Comment
Rich Text Editor, editor1
Editor toolbars
Press ALT 0 for help
Enter your E-mail address. We'll send you an e-mail with instructions to reset your password.