Undetected Threat: Chinese Hackers’ Long-Term VMware Exploitation


CVE-2023-34048 (CVSS 9.8) is an out-of-bounds write flaw in VMware's DCERPC implementation that an attacker with network access can exploit to execute arbitrary code remotely.
Because of the severity of the problem and the lack of a workaround, VMware released patches for this vulnerability in October, noting that the patch was also made available for versions of its products that had reached end of life (EOL).
Since last week the virtualization company's advisory has reported exploitation of CVE-2023-34048 in the wild, but it provides no specific details about the attacks observed.
Experts have revealed that Chinese state-sponsored hackers tracked as UNC3886 have been exploiting a zero-day vulnerability in VMware and Fortinet devices for years.
Earlier this week, Mandiant issued a report alleging that the group was exploiting the vulnerability to deploy malware, steal credentials, and ultimately exfiltrate sensitive information.
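To make the bug class concrete, the following added example illustrates what an out-of-bounds write in a message parser looks like and how a bounds check closes it. It is constructed for this page and is not VMware's DCERPC code; the message layout (a 2-byte little-endian length prefix followed by a payload), the `FRAG_MAX` buffer size and the sample messages are all assumptions chosen for illustration.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/* Assumed destination buffer size for one reassembled fragment (illustrative). */
#define FRAG_MAX 64

/* Constructed sample messages, not real DCERPC traffic:
 *   byte 0-1: declared payload length (little-endian), then the payload. */
static const uint8_t SAMPLE_OK[]    = {0x05, 0x00, 'h', 'e', 'l', 'l', 'o'}; /* declares 5, carries 5 */
static const uint8_t SAMPLE_HUGE[]  = {0x00, 0x10, 'x'};                     /* declares 4096, carries 1 */
static const uint8_t SAMPLE_SHORT[] = {0x08, 0x00, 'a', 'b'};                /* declares 8, carries 2 */

static uint16_t declared_len(const uint8_t *msg) {
    return (uint16_t)(msg[0] | (msg[1] << 8));
}

/* Vulnerable form of the bug class: the attacker-controlled length field is
 * trusted, so a declared length above FRAG_MAX writes past the end of `out`
 * (out-of-bounds write) and a declared length above what the message carries
 * reads past the end of `msg`. Shown for contrast; never feed it untrusted data. */
int parse_fragment_unchecked(const uint8_t *msg, size_t msg_len, uint8_t *out) {
    if (msg_len < 2) return -1;
    uint16_t declared = declared_len(msg);
    memcpy(out, msg + 2, declared);
    return (int)declared;
}

/* Hardened form: reject any length the message does not carry or the
 * destination cannot hold before touching memory. */
int parse_fragment_checked(const uint8_t *msg, size_t msg_len,
                           uint8_t *out, size_t out_len) {
    if (msg_len < 2) return -1;
    uint16_t declared = declared_len(msg);
    if (declared > msg_len - 2) return -1;  /* would read beyond the message */
    if (declared > out_len) return -1;      /* would write beyond the buffer */
    memcpy(out, msg + 2, declared);
    return (int)declared;
}

/* Helpers that run each sample through the hardened parser and return its verdict. */
static int run_checked(const uint8_t *msg, size_t msg_len) {
    uint8_t buf[FRAG_MAX];
    return parse_fragment_checked(msg, msg_len, buf, sizeof buf);
}
int demo_ok(void)    { return run_checked(SAMPLE_OK, sizeof SAMPLE_OK); }       /* 5  */
int demo_huge(void)  { return run_checked(SAMPLE_HUGE, sizeof SAMPLE_HUGE); }   /* -1 */
int demo_short(void) { return run_checked(SAMPLE_SHORT, sizeof SAMPLE_SHORT); } /* -1 */

/* The unchecked parser is only ever run here on the well-formed sample. */
int demo_unchecked_ok(void) {
    uint8_t buf[FRAG_MAX];
    return parse_fragment_unchecked(SAMPLE_OK, sizeof SAMPLE_OK, buf);         /* 5  */
}

int main(void) {
    printf("well-formed message:   %d\n", demo_ok());
    printf("oversized length:      %d\n", demo_huge());
    printf("length exceeds data:   %d\n", demo_short());
    return 0;
}
```

The check has to cover both directions: a declared length larger than the destination is the out-of-bounds write, and a declared length larger than the bytes actually received is an out-of-bounds read, and a parser that guards only one of them is still unsafe on attacker-supplied input.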

The security patch was released in late October of 2023, and it carries a severity rating of 9.8/10 (critical). 

This article has been indexed from CySecurity News – Latest Information Security and Hacking Incidents
