Lucene search

[email protected]NVD:CVE-2023-20895

HistoryJun 22, 2023 - 12:15 p.m.

CVE-2023-20895

2023-06-2212:15:10

CWE-787

[email protected]

web.nvd.nist.gov

vmware

vcenter server

memory corruption

dcerpc protocol

authentication bypass

CVSS3

9.8

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

AI Score

8.6

Confidence

High

EPSS

0.002

Percentile

53.9%

JSON

The VMware vCenter Server contains a memory corruption vulnerability in the implementation of the DCERPC protocol. A malicious actor with network access to vCenter Server may trigger a memory corruption vulnerability which may bypass authentication.

Affected configurations

Nvd

Node

vmwarevcenter_serverRange<7.0

vmwarevcenter_serverMatch7.0-

vmwarevcenter_serverMatch7.0a

vmwarevcenter_serverMatch7.0b

vmwarevcenter_serverMatch7.0c

vmwarevcenter_serverMatch7.0d

vmwarevcenter_serverMatch7.0update1

vmwarevcenter_serverMatch7.0update1a

vmwarevcenter_serverMatch7.0update1c

vmwarevcenter_serverMatch7.0update1d

vmwarevcenter_serverMatch7.0update2

vmwarevcenter_serverMatch7.0update2a

vmwarevcenter_serverMatch7.0update2b

vmwarevcenter_serverMatch7.0update2c

vmwarevcenter_serverMatch7.0update2d

vmwarevcenter_serverMatch7.0update3

vmwarevcenter_serverMatch7.0update3a

vmwarevcenter_serverMatch7.0update3c

vmwarevcenter_serverMatch7.0update3d

vmwarevcenter_serverMatch7.0update3e

vmwarevcenter_serverMatch7.0update3f

vmwarevcenter_serverMatch7.0update3g

vmwarevcenter_serverMatch7.0update3h

vmwarevcenter_serverMatch7.0update3i

vmwarevcenter_serverMatch7.0update3j

vmwarevcenter_serverMatch7.0update3k

vmwarevcenter_serverMatch7.0update3l

vmwarevcenter_serverMatch8.0-

vmwarevcenter_serverMatch8.0a

vmwarevcenter_serverMatch8.0b

vmwarevcenter_serverMatch8.0c

vmwarevcenter_serverMatch8.0update1

vmwarevcenter_serverMatch8.0update1a

VendorProductVersionCPE
vmwarevcenter_server*cpe:2.3:a:vmware:vcenter_server:*:*:*:*:*:*:*:*
vmwarevcenter_server7.0cpe:2.3:a:vmware:vcenter_server:7.0:-:*:*:*:*:*:*
vmwarevcenter_server7.0cpe:2.3:a:vmware:vcenter_server:7.0:a:*:*:*:*:*:*
vmwarevcenter_server7.0cpe:2.3:a:vmware:vcenter_server:7.0:b:*:*:*:*:*:*
vmwarevcenter_server7.0cpe:2.3:a:vmware:vcenter_server:7.0:c:*:*:*:*:*:*
vmwarevcenter_server7.0cpe:2.3:a:vmware:vcenter_server:7.0:d:*:*:*:*:*:*
vmwarevcenter_server7.0cpe:2.3:a:vmware:vcenter_server:7.0:update1:*:*:*:*:*:*
vmwarevcenter_server7.0cpe:2.3:a:vmware:vcenter_server:7.0:update1a:*:*:*:*:*:*
vmwarevcenter_server7.0cpe:2.3:a:vmware:vcenter_server:7.0:update1c:*:*:*:*:*:*
vmwarevcenter_server7.0cpe:2.3:a:vmware:vcenter_server:7.0:update1d:*:*:*:*:*:*

Vendor	Product	Version	CPE
vmware	vcenter_server	*	cpe:2.3:a:vmware:vcenter_server::::::::
vmware	vcenter_server	7.0	cpe:2.3:a:vmware:vcenter_server:7.0:-::::::
vmware	vcenter_server	7.0	cpe:2.3:a:vmware:vcenter_server:7.0:a::::::
vmware	vcenter_server	7.0	cpe:2.3:a:vmware:vcenter_server:7.0:b::::::
vmware	vcenter_server	7.0	cpe:2.3:a:vmware:vcenter_server:7.0:c::::::
vmware	vcenter_server	7.0	cpe:2.3:a:vmware:vcenter_server:7.0:d::::::
vmware	vcenter_server	7.0	cpe:2.3:a:vmware:vcenter_server:7.0:update1::::::
vmware	vcenter_server	7.0	cpe:2.3:a:vmware:vcenter_server:7.0:update1a::::::
vmware	vcenter_server	7.0	cpe:2.3:a:vmware:vcenter_server:7.0:update1c::::::
vmware	vcenter_server	7.0	cpe:2.3:a:vmware:vcenter_server:7.0:update1d::::::