CVE-2023-20896
Published 2023-06-22
Severity: High, 7.5 (CVSS 3.1)
Vector: AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
The VMware vCenter Server contains an out-of-bounds read vulnerability in the implementation of the DCERPC protocol. A malicious actor with network access to vCenter Server may trigger an out-of-bounds read by sending a specially crafted packet leading to denial-of-service of certain services (vmcad, vmdird, and vmafdd).
Affected
7 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| vmware | vcenter_server | — | — |
| vmware | vcenter_server | — | — |
| vmware | vcenter_server | >= 4.0 < 7.0 | 7.0 |
| vmware | vmware_cloud_foundation | >= 4.x < 7.0 U3m, 8.0 U1b | 7.0 U3m, 8.0 U1b |
| vmware | vmware_cloud_foundation | >= 5.x < 7.0 U3m, 8.0 U1b | 7.0 U3m, 8.0 U1b |
| vmware | vmware_vcenter_server | >= 7.0 < 7.0 u3m | 7.0 u3m |
| vmware | vmware_vcenter_server | >= 8.0 < 8.0 U1b | 8.0 U1b |