CVE-2023-20896

CWE-125 — Out-of-bounds Read4 documents4 sources

Severity

7.5HIGH

EPSS

0.4%

top 41.74%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Vmware Vmware Cloud Foundation (vcenter Server)Vmware Vmware Vcenter Server (vcenter Server)Vmware Vcenter Server

Timeline

PublishedJun 22

Description

The VMware vCenter Server contains an out-of-bounds read vulnerability in the implementation of the DCERPC protocol. A malicious actor with network access to vCenter Server may trigger an out-of-bounds read by sending a specially crafted packet leading to denial-of-service of certain services (vmcad, vmdird, and vmafdd).

CVSS vector

CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:HExploitability: 2.2 | Impact: 3.6

Affected Packages3 packages

▶NVDvmware/vcenter_server4.0 — 7.0+2

▶CVEListV5vmware/vmware_vcenter_server_(vcenter_server)8.0 — 8.0 U1b+1

▶CVEListV5vmware/vmware_cloud_foundation_(vcenter_server)5.x — 7.0 U3m, 8.0 U1b+1

Patches

Patch: www.vmware.com ↗Patch: www.vmware.com ↗

🔴Vulnerability Details

CVEList

CVE-2023-20896: The VMware vCenter Server contains an out-of-bounds read vulnerability in the implementation of the DCERPC protocol↗2023-06-22

▶

GHSA

GHSA-fm8c-6m3x-v3rf: The VMware vCenter Server contains an out-of-bounds read vulnerability in the implementation of the DCERPC protocol↗2023-06-22

▶

📋Vendor Advisories

VMware

VMware vCenter Server updates address multiple memory corruption vulnerabilities (CVE-2023-20892, CVE-2023-20893, CVE-2023-20894, CVE-2023-20895, CVE-2023-20896)↗2023-06-22

▶