CVE-2023-20893
9.8 CRITICAL
Key Information
- Vendor: VMware
- Status
- VMware vCenter Server (vCenter Server)
- VMware Cloud Foundation (vCenter Server)
- Vendor
- CVE Published: 22 June 2023
Summary
The VMware vCenter Server contains a use-after-free vulnerability in the implementation of the DCERPC protocol. A malicious actor with network access to vCenter Server may exploit this issue to execute arbitrary code on the underlying operating system that hosts vCenter Server.
Affected Version(s)
VMware vCenter Server (vCenter Server) < 8.0 U1b
VMware vCenter Server (vCenter Server) < 7.0 U3m
VMware Cloud Foundation (vCenter Server) < 7.0 U3m, 8.0 U1b
CVSS V3.1
Score: 9.8
Severity: CRITICAL
Confidentiality: High
Integrity: High
Availability: High
Attack Vector: Network
Attack Complexity: Low
Privileges Required: None
User Interaction: None
Scope: Unchanged
Timeline
Vulnerability published.
Vulnerability Reserved.
Collectors
NVD Database, Mitre Database