
WARNING: Multiple high-risk vulnerabilities in VMware vCenter Server

Reference: Advisory #2023-74
Version: 1.0
Affected software:
  • VMware vCenter Server 8.0 & 7.0
  • VMware Cloud Foundation (vCenter Server) 4.x & 5.x
Type: Execution of arbitrary code, Memory corruption, Authentication bypass
CVE/CVSS:
  • CVE-2023-20892
  • CVE-2023-20893
  • CVE-2023-20894
  • CVE-2023-20895

Sources

https://www.vmware.com/security/advisories/VMSA-2023-0014.html

Risks

Multiple memory corruption vulnerabilities in VMware vCenter Server due to the implementation of the DCERPC protocol were reported to VMware.

All four vulnerabilities have a HIGH impact on Confidentiality, Integrity, and Availability. Privileges, authentication, and user interaction are not required to exploit these vulnerabilities.

Description

CVE-2023-20892: VMware vCenter Server heap-overflow vulnerability

VMware vCenter Server contains a heap overflow vulnerability due to the use of uninitialized memory in the implementation of the DCERPC protocol. A malicious actor can exploit this vulnerability to execute arbitrary code on the underlying operating system that hosts vCenter Server.

CVE-2023-20893: VMware vCenter Server use-after-free vulnerability

The VMware vCenter Server has a use-after-free vulnerability due to the implementation of the DCERPC protocol. A malicious actor can exploit this issue to execute arbitrary code on the underlying operating system that hosts vCenter Server.

CVE-2023-20894: VMware vCenter Server out-of-bounds write vulnerability

The VMware vCenter Server has an out-of-bounds write vulnerability due to the implementation of the DCERPC protocol. A malicious actor can trigger an out-of-bounds write by sending a specially crafted packet that leads to memory corruption.

CVE-2023-20895: VMware vCenter Server out-of-bounds read vulnerability

The VMware vCenter Server contains a memory corruption vulnerability in the implementation of the DCERPC protocol. A malicious actor can trigger a memory corruption vulnerability which may bypass authentication.

Recommended Actions

The Centre for Cyber Security Belgium strongly recommends that system administrators visit VMware's release pages to download and install the patched versions of this software.

VMware vCenter Server 8.0 U1b:
https://docs.vmware.com/en/VMware-vSphere/8.0/rn/vsphere-vcenter-server-80u1b-release-notes/index.html

VMware vCenter Server 7.0 U3m:
https://docs.vmware.com/en/VMware-vSphere/7.0/rn/vsphere-vcenter-server-70u3m-release-notes/index.html

References

https://nvd.nist.gov/vuln/detail/CVE-2023-20892
https://nvd.nist.gov/vuln/detail/CVE-2023-20893
https://nvd.nist.gov/vuln/detail/CVE-2023-20894
https://nvd.nist.gov/vuln/detail/CVE-2023-20895