June 25, 2023

VMware has patched a number of high-severity vulnerabilities in vCenter Server that may allow attackers to gain code execution and bypass authentication on unpatched systems.

The Vulnerabilities

• CVE-2023-20892 (CVSS 3.1: 8.1, High-severity) – a heap-overflow vulnerability due to the usage of uninitialized memory in the implementation of the DCERPC protocol, a malicious actor with network access to vCenter Server may exploit this issue to execute arbitrary code on the underlying operating system that hosts vCenter Server.
• CVE-2023-20893 (CVSS 3.1: 8.1, High-severity) – an use-after-free vulnerability in the implementation of the DCERPC protocol, a malicious actor with network access to vCenter Server may exploit this issue to execute arbitrary code on the underlying operating system that hosts vCenter Server.
• CVE-2023-20894 (CVSS 3.1: 8.1, High-severity) – an out-of-bounds write vulnerability in the implementation of the DCERPC protocol, a malicious actor with network access to vCenter Server may trigger an out-of-bound write by sending a specially crafted packet leading to memory corruption.
• CVE-2023-20895 (CVSS 3.1: 8.1, High-severity) – a memory corruption vulnerability in the implementation of the DCERPC protocol, a malicious actor with network access to vCenter Server may trigger a memory corruption vulnerability which may bypass authentication.

Affected Products

• vCenter Server – versions 7.0, 8.0.
• vCenter Server Cloud Foundation – versions 4.x/5.x.

Mitigation

CYREBRO recommends to update relevant products up to the latest available releases in accordance with VMware security advisory

References: VMware Advisory