October 2, 2023

VMware released security updates for five memory corruption vulnerabilities in vCenter Server that could lead to remote code execution.

The memory corruption vulnerabilities reside in the software’s implementation of the DCERPC protocol.

The most severe flaw addressed is a heap-overflow issue tracked as CVE-2023-20892 with a CVSS score of 8.1, stemming from uninitialized memory in the implementation of the DCERPC protocol.


Another fixed vulnerability is a use-after-free vulnerability, tracked as CVE-2023-20893 with a CVSS score of 8.1, in the implementation of the DCERPC protocol. A threat actor with network access to vCenter Server may exploit this issue to execute arbitrary code on the operating system of the vCenter Server host.

The remaining issues addressed are out-of-bounds write vulnerabilities tracked as CVE-2023-20894 with a CVSS score of 8.1, CVE-2023-20895 with a CVSS score of 8.1, and CVE-2023-20894 with a CVSS score of 5.9.

Patches for all flaws were included in vCenter Server and Cloud Foundation versions 8.0 U1b and 7.0 U3m. VMware also released Async patches for VCF customers.

VMware is not aware of any attacks in the wild exploiting the above issues.
