What is CVE-2023-34056?

CVE-2023-34056 is a moderate severity vulnerability in VMware vCenter Server software. It allows a malicious actor with non-administrative privileges to access unauthorized data. Affected users should update to the latest software versions to mitigate this vulnerability.

Who is impacted by CVE-2023-34056?

This vulnerability affects users of VMware vCenter Server and VMware Cloud Foundation, specifically those with non-administrative privileges. Impacted versions include vCenter Server versions 4.0 to 5.5, specific versions of 7.0 and 8.0, and VMware Cloud Foundation versions 5.x and 4.x.

What to do if CVE-2023-34056 affected you

If you're affected by the CVE-2023-34056 vulnerability, it's crucial to update your VMware vCenter Server software to the latest version. Follow these steps to mitigate the vulnerability:

1. Identify the affected VMware vCenter Server version you're using.

2. Refer to the VMware Security Advisory for the appropriate fixed version for your deployment.

3. Download and apply the update from the VMware customer portal.

4. Monitor VMware Security Advisories for any future updates or patches related to this vulnerability.

Is this in CISA’s Known Exploited Vulnerabilities Catalog?

The CVE-2023-34056 vulnerability is not listed in CISA's Known Exploited Vulnerabilities Catalog. This partial information disclosure vulnerability in VMware vCenter Server was published on October 25, 2023. There is no specific due date or required action mentioned, but users should update their software to the latest version to mitigate the vulnerability.

Weakness Enumeration

The weakness enumeration for this vulnerability is "Insufficient Information," indicating a lack of specific details about the vulnerability and its mitigation.

Learn More

To better understand the vulnerability and its potential impact, refer to the NVD page and the sources listed below.

• VMware Security Advisory

• CVE Record