Out-of-Bounds Read Vulnerability in VMware vCenter Server
CVE-2023-20896

5.9MEDIUM

Key Information:

Vendor
Vmware
Status
Vmware Vcenter Server (vcenter Server)
Vmware Cloud Foundation (vcenter Server)
Vendor
CVE Published:
22 June 2023

Summary

The VMware vCenter Server exposes an out-of-bounds read vulnerability stemming from issues in the DCERPC protocol implementation. Exploitation of this vulnerability requires network access, allowing a malicious actor to send specifically crafted packets to the vCenter Server which may lead to an out-of-bounds read. This can consequently cause disruptions and potential denial-of-service in critical services such as vmcad, vmdird, and vmafdd, impacting the availability and functionality of the server.

Affected Version(s)

VMware Cloud Foundation (vCenter Server) Windows 5.x < 7.0 U3m, 8.0 U1b

VMware Cloud Foundation (vCenter Server) Windows 4.x < 7.0 U3m, 8.0 U1b

VMware vCenter Server (vCenter Server) Windows 8.0 < 8.0 U1b

References

https://www.vmware.com/security/advisories/VMSA-2023-0014...
https://www.talosintelligence.com/vulnerability_reports/T...

CVSS V3.1

Score:
5.9
Severity:
MEDIUM
Confidentiality:
None
Integrity:
None
Availability:
None
Attack Vector:
Network
Attack Complexity:
High
Privileges Required:
None
User Interaction:
None
Scope:
Unchanged

Timeline

  • Vulnerability published

  • Vulnerability Reserved

.