Lucene search

[email protected]NVD:CVE-2023-20892

HistoryJun 22, 2023 - 12:15 p.m.

CVE-2023-20892

2023-06-2212:15:09

CWE-787

[email protected]

web.nvd.nist.gov

vcenter server

heap overflow

dcerpc

arbitrary code

network access

vulnerability

CVSS3

9.8

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

AI Score

8.8

Confidence

High

EPSS

0.002

Percentile

59.7%

JSON

The vCenter Server contains a heap overflow vulnerability due to the usage of uninitialized memory in the implementation of the DCERPC protocol. A malicious actor with network access to vCenter Server may exploit heap-overflow vulnerability to execute arbitrary code on the underlying operating system that hosts vCenter Server.

Affected configurations

Nvd

Node

vmwarevcenter_serverRange<7.0

vmwarevcenter_serverMatch7.0-

vmwarevcenter_serverMatch7.0a

vmwarevcenter_serverMatch7.0b

vmwarevcenter_serverMatch7.0c

vmwarevcenter_serverMatch7.0d

vmwarevcenter_serverMatch7.0update1

vmwarevcenter_serverMatch7.0update1a

vmwarevcenter_serverMatch7.0update1c

vmwarevcenter_serverMatch7.0update1d

vmwarevcenter_serverMatch7.0update2

vmwarevcenter_serverMatch7.0update2a

vmwarevcenter_serverMatch7.0update2b

vmwarevcenter_serverMatch7.0update2c

vmwarevcenter_serverMatch7.0update2d

vmwarevcenter_serverMatch7.0update3

vmwarevcenter_serverMatch7.0update3a

vmwarevcenter_serverMatch7.0update3c

vmwarevcenter_serverMatch7.0update3d

vmwarevcenter_serverMatch7.0update3e

vmwarevcenter_serverMatch7.0update3f

vmwarevcenter_serverMatch7.0update3g

vmwarevcenter_serverMatch7.0update3h

vmwarevcenter_serverMatch7.0update3i

vmwarevcenter_serverMatch7.0update3j

vmwarevcenter_serverMatch7.0update3k

vmwarevcenter_serverMatch7.0update3l

vmwarevcenter_serverMatch8.0-

vmwarevcenter_serverMatch8.0a

vmwarevcenter_serverMatch8.0b

vmwarevcenter_serverMatch8.0c

vmwarevcenter_serverMatch8.0update1

vmwarevcenter_serverMatch8.0update1a

VendorProductVersionCPE
vmwarevcenter_server*cpe:2.3:a:vmware:vcenter_server:*:*:*:*:*:*:*:*
vmwarevcenter_server7.0cpe:2.3:a:vmware:vcenter_server:7.0:-:*:*:*:*:*:*
vmwarevcenter_server7.0cpe:2.3:a:vmware:vcenter_server:7.0:a:*:*:*:*:*:*
vmwarevcenter_server7.0cpe:2.3:a:vmware:vcenter_server:7.0:b:*:*:*:*:*:*
vmwarevcenter_server7.0cpe:2.3:a:vmware:vcenter_server:7.0:c:*:*:*:*:*:*
vmwarevcenter_server7.0cpe:2.3:a:vmware:vcenter_server:7.0:d:*:*:*:*:*:*
vmwarevcenter_server7.0cpe:2.3:a:vmware:vcenter_server:7.0:update1:*:*:*:*:*:*
vmwarevcenter_server7.0cpe:2.3:a:vmware:vcenter_server:7.0:update1a:*:*:*:*:*:*
vmwarevcenter_server7.0cpe:2.3:a:vmware:vcenter_server:7.0:update1c:*:*:*:*:*:*
vmwarevcenter_server7.0cpe:2.3:a:vmware:vcenter_server:7.0:update1d:*:*:*:*:*:*

Vendor	Product	Version	CPE
vmware	vcenter_server	*	cpe:2.3:a:vmware:vcenter_server::::::::
vmware	vcenter_server	7.0	cpe:2.3:a:vmware:vcenter_server:7.0:-::::::
vmware	vcenter_server	7.0	cpe:2.3:a:vmware:vcenter_server:7.0:a::::::
vmware	vcenter_server	7.0	cpe:2.3:a:vmware:vcenter_server:7.0:b::::::
vmware	vcenter_server	7.0	cpe:2.3:a:vmware:vcenter_server:7.0:c::::::
vmware	vcenter_server	7.0	cpe:2.3:a:vmware:vcenter_server:7.0:d::::::
vmware	vcenter_server	7.0	cpe:2.3:a:vmware:vcenter_server:7.0:update1::::::
vmware	vcenter_server	7.0	cpe:2.3:a:vmware:vcenter_server:7.0:update1a::::::
vmware	vcenter_server	7.0	cpe:2.3:a:vmware:vcenter_server:7.0:update1c::::::
vmware	vcenter_server	7.0	cpe:2.3:a:vmware:vcenter_server:7.0:update1d::::::