What is the severity of CVE-2023-20893?

The severity of CVE-2023-20893 is critical.

What is the affected software for CVE-2023-20893?

The affected software for CVE-2023-20893 is VMware vCenter Server versions up to and including 7.0.

How can a malicious actor exploit CVE-2023-20893?

A malicious actor with network access to vCenter Server can exploit CVE-2023-20893 to execute arbitrary code on the underlying operating system.

Are there any patches or updates available for CVE-2023-20893?

Yes, VMware has released security advisories with patches to address CVE-2023-20893. It is recommended to update to the latest version of VMware vCenter Server.

Where can I find more information about CVE-2023-20893?

You can find more information about CVE-2023-20893 in the vulnerability reports by Talos Intelligence and the security advisories by VMware.

Vulnerability/
CVE-2023-20893

critical

9.8

CWE

416

22/6/2023

13/7/2023

CVE-2023-20893: Use After Free

First published: Thu Jun 22 2023(Updated: )

The VMware vCenter Server contains a use-after-free vulnerability in the implementation of the DCERPC protocol. A malicious actor with network access to vCenter Server may exploit this issue to execute arbitrary code on the underlying operating system that hosts vCenter Server.

Credit: security@vmware.com

Affected Software	Affected Version	How to fix
VMware vCenter Server	<7.0
VMware vCenter Server	=7.0
VMware vCenter Server	=7.0-a
VMware vCenter Server	=7.0-b
VMware vCenter Server	=7.0-c
VMware vCenter Server	=7.0-d
VMware vCenter Server	=7.0-update1
VMware vCenter Server	=7.0-update1a
VMware vCenter Server	=7.0-update1c
VMware vCenter Server	=7.0-update1d
VMware vCenter Server	=7.0-update2
VMware vCenter Server	=7.0-update2a
VMware vCenter Server	=7.0-update2b
VMware vCenter Server	=7.0-update2c
VMware vCenter Server	=7.0-update2d
VMware vCenter Server	=7.0-update3
VMware vCenter Server	=7.0-update3a
VMware vCenter Server	=7.0-update3c
VMware vCenter Server	=7.0-update3d
VMware vCenter Server	=7.0-update3e
VMware vCenter Server	=7.0-update3f
VMware vCenter Server	=7.0-update3g
VMware vCenter Server	=7.0-update3h
VMware vCenter Server	=7.0-update3i
VMware vCenter Server	=7.0-update3j
VMware vCenter Server	=7.0-update3k
VMware vCenter Server	=7.0-update3l
VMware vCenter Server	=8.0
VMware vCenter Server	=8.0-a
VMware vCenter Server	=8.0-b
VMware vCenter Server	=8.0-c
VMware vCenter Server	=8.0-update1
VMware vCenter Server	=8.0-update1a

Never miss a vulnerability like this again

Reference Links

Frequently Asked Questions

What is the severity of CVE-2023-20893?
The severity of CVE-2023-20893 is critical.
What is the affected software for CVE-2023-20893?
The affected software for CVE-2023-20893 is VMware vCenter Server versions up to and including 7.0.
How can a malicious actor exploit CVE-2023-20893?
A malicious actor with network access to vCenter Server can exploit CVE-2023-20893 to execute arbitrary code on the underlying operating system.
Are there any patches or updates available for CVE-2023-20893?
Yes, VMware has released security advisories with patches to address CVE-2023-20893. It is recommended to update to the latest version of VMware vCenter Server.
Where can I find more information about CVE-2023-20893?
You can find more information about CVE-2023-20893 in the vulnerability reports by Talos Intelligence and the security advisories by VMware.

collector/nvd-index
vendor/vmware
canonical/vmware vcenter server
version/vmware vcenter server/7.0
version/vmware vcenter server/7.0-a
version/vmware vcenter server/7.0-b
version/vmware vcenter server/7.0-c
version/vmware vcenter server/7.0-d
version/vmware vcenter server/7.0-update1
version/vmware vcenter server/7.0-update1a
version/vmware vcenter server/7.0-update1c
version/vmware vcenter server/7.0-update1d
version/vmware vcenter server/7.0-update2
version/vmware vcenter server/7.0-update2a
version/vmware vcenter server/7.0-update2b
version/vmware vcenter server/7.0-update2c
version/vmware vcenter server/7.0-update2d
version/vmware vcenter server/7.0-update3
version/vmware vcenter server/7.0-update3a
version/vmware vcenter server/7.0-update3c
version/vmware vcenter server/7.0-update3d
version/vmware vcenter server/7.0-update3e
version/vmware vcenter server/7.0-update3f
version/vmware vcenter server/7.0-update3g
version/vmware vcenter server/7.0-update3h
version/vmware vcenter server/7.0-update3i
version/vmware vcenter server/7.0-update3j
version/vmware vcenter server/7.0-update3k
version/vmware vcenter server/7.0-update3l
version/vmware vcenter server/8.0
version/vmware vcenter server/8.0-a
version/vmware vcenter server/8.0-b
version/vmware vcenter server/8.0-c
version/vmware vcenter server/8.0-update1
version/vmware vcenter server/8.0-update1a