- 146/2023
- High
VMware has released security updates to fix multiple vulnerabilities in VMware vCenter Server and Cloud Foundation.
The addressed vulnerabilities could allow the attacker to execute arbitrary code, cause memory corruption, a denial of services attack, or an out-of-bound write/read on the affected system.
Sample of the addressed vulnerabilities:
1. VMware vCenter Server heap-overflow Vulnerability (CVE-2023-20892):
- CVSS: 8.1
- Attack Vector: Network
- Attack Complexity: High
- Privileges Required: None
- User Interaction: None
- Consequences: Gain Access
2. VMware vCenter Server use-after-free Vulnerability (CVE-2023-20893):
- CVSS: 8.1
- Attack Vector: Network
- Attack Complexity: High
- Privileges Required: None
- User Interaction: None
- Consequences: Gain Access
Affected Products:
- VMware vCenter Server (vCenter Server)
- VMware Cloud Foundation (Cloud Foundation)
Vulnerabilities
- CVE-2023-20892
- CVE-2023-20893
- CVE-2023-20894
- CVE-2023-20895
- CVE-2023-20896
Mitigations
The enterprise should deploy this patch as soon as the testing phase is completed.