Grigory Dorodnov

**Name of the Vulnerable Software and Affected Versions** VMware vCenter Server versions prior to October 2023 **Description** VMware vCenter Server contains an out-of-bounds write vulnerability in the implementation of the DCERPC protocol. A malicious actor with network access to vCenter Server may trigger this vulnerability, potentially leading to remote code execution. This vulnerability has been actively exploited by the Chinese espionage group UNC3886 since late 2021, targeting defense, government, telecom, and technology sectors in the US and APJ regions. The vulnerability allows attackers to compromise hypervisors, install HTTP backdoors, access guests using PowerCLI, and run unregistered VMs via the VMware CLI. Hundreds of potentially vulnerable instances have been identified globally. **Recommendations** Update VMware vCenter Server to the latest version available as of October 2023.