#VU77638 Out-of-bounds read in vCenter Server - CVE-2023-20895


Published: June 22, 2023


Vulnerability identifier: #VU77638
Vulnerability risk: High
CVSSv4.0: CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N/E:U/U:Amber
CVE-ID: CVE-2023-20895
CWE-ID: CWE-125
Exploitation vector: Remote access
Exploit availability: No public exploit available
Vulnerable software:
vCenter Server
Software vendor:
VMware, Inc

Description

The vulnerability allows a remote attacker to gain access to potentially sensitive information.

The vulnerability exists due to a boundary condition in the DCERPC protocol implementation. A remote attacker can send specially crafted traffic to the server to trigger an out-of-bounds read error and read the contents of memory on the system. The obtained information can be used to bypass the authentication process and compromise the system.


Remediation

Install updates from the vendor's website.

External links