What is the severity of CVE-2023-20896?

The severity of CVE-2023-20896 is high with a CVSS score of 7.5.

Which versions of VMware vCenter Server are affected by CVE-2023-20896?

VMware vCenter Server versions 4.0 to 7.0 are affected by CVE-2023-20896.

How can I fix CVE-2023-20896?

VMware has released security advisories with patches addressing CVE-2023-20896. It is recommended to apply the necessary patches or updates to mitigate the vulnerability.

Vulnerability/
CVE-2023-20896

high

7.5

CWE

125

22/6/2023

13/7/2023

CVE-2023-20896

Q: What is CVE-2023-20896?

CVE-2023-20896 is an out-of-bounds read vulnerability in the implementation of the DCERPC protocol in VMware vCenter Server.

Q: How can a malicious actor exploit CVE-2023-20896?

A malicious actor with network access to vCenter Server can trigger an out-of-bounds read by sending a specially crafted packet, leading to denial-of-service of certain services.

First published: Thu Jun 22 2023(Updated: )

The VMware vCenter Server contains an out-of-bounds read vulnerability in the implementation of the DCERPC protocol. A malicious actor with network access to vCenter Server may trigger an out-of-bounds read by sending a specially crafted packet leading to denial-of-service of certain services (vmcad, vmdird, and vmafdd).

Credit: security@vmware.com

Affected Software	Affected Version	How to fix
VMware vCenter Server	>=4.0<7.0
VMware vCenter Server	=7.0
VMware vCenter Server	=7.0-a
VMware vCenter Server	=7.0-b
VMware vCenter Server	=7.0-c
VMware vCenter Server	=7.0-d
VMware vCenter Server	=7.0-update1
VMware vCenter Server	=7.0-update1a
VMware vCenter Server	=7.0-update1c
VMware vCenter Server	=7.0-update1d
VMware vCenter Server	=7.0-update2
VMware vCenter Server	=7.0-update2a
VMware vCenter Server	=7.0-update2b
VMware vCenter Server	=7.0-update2c
VMware vCenter Server	=7.0-update2d
VMware vCenter Server	=7.0-update3
VMware vCenter Server	=7.0-update3a
VMware vCenter Server	=7.0-update3c
VMware vCenter Server	=7.0-update3d
VMware vCenter Server	=7.0-update3e
VMware vCenter Server	=7.0-update3f
VMware vCenter Server	=7.0-update3g
VMware vCenter Server	=7.0-update3h
VMware vCenter Server	=7.0-update3i
VMware vCenter Server	=7.0-update3j
VMware vCenter Server	=7.0-update3k
VMware vCenter Server	=7.0-update3l
VMware vCenter Server	=8.0
VMware vCenter Server	=8.0-a
VMware vCenter Server	=8.0-b
VMware vCenter Server	=8.0-c
VMware vCenter Server	=8.0-update1
VMware vCenter Server	=8.0-update1a

Never miss a vulnerability like this again

Reference Links

Frequently Asked Questions

What is CVE-2023-20896?
CVE-2023-20896 is an out-of-bounds read vulnerability in the implementation of the DCERPC protocol in VMware vCenter Server.
What is the severity of CVE-2023-20896?
The severity of CVE-2023-20896 is high with a CVSS score of 7.5.
How can a malicious actor exploit CVE-2023-20896?
A malicious actor with network access to vCenter Server can trigger an out-of-bounds read by sending a specially crafted packet, leading to denial-of-service of certain services.
Which versions of VMware vCenter Server are affected by CVE-2023-20896?
VMware vCenter Server versions 4.0 to 7.0 are affected by CVE-2023-20896.
How can I fix CVE-2023-20896?
VMware has released security advisories with patches addressing CVE-2023-20896. It is recommended to apply the necessary patches or updates to mitigate the vulnerability.

collector/nvd-index
agent/severity
agent/author
agent/weakness
agent/references
agent/tags
agent/description
agent/type
agent/event
agent/softwarecombine
agent/first-publish-date
agent/remedy
vendor/vmware
canonical/vmware vcenter server
version/vmware vcenter server/4.0
version/vmware vcenter server/7.0
version/vmware vcenter server/7.0-a
version/vmware vcenter server/7.0-b
version/vmware vcenter server/7.0-c
version/vmware vcenter server/7.0-d
version/vmware vcenter server/7.0-update1
version/vmware vcenter server/7.0-update1a
version/vmware vcenter server/7.0-update1c
version/vmware vcenter server/7.0-update1d
version/vmware vcenter server/7.0-update2
version/vmware vcenter server/7.0-update2a
version/vmware vcenter server/7.0-update2b
version/vmware vcenter server/7.0-update2c
version/vmware vcenter server/7.0-update2d
version/vmware vcenter server/7.0-update3
version/vmware vcenter server/7.0-update3a
version/vmware vcenter server/7.0-update3c
version/vmware vcenter server/7.0-update3d
version/vmware vcenter server/7.0-update3e
version/vmware vcenter server/7.0-update3f
version/vmware vcenter server/7.0-update3g
version/vmware vcenter server/7.0-update3h
version/vmware vcenter server/7.0-update3i
version/vmware vcenter server/7.0-update3j
version/vmware vcenter server/7.0-update3k
version/vmware vcenter server/7.0-update3l
version/vmware vcenter server/8.0
version/vmware vcenter server/8.0-a
version/vmware vcenter server/8.0-b
version/vmware vcenter server/8.0-c
version/vmware vcenter server/8.0-update1
version/vmware vcenter server/8.0-update1a

CVE-2023-20896

Never miss a vulnerability like this again

Reference Links

Frequently Asked Questions

What is CVE-2023-20896?

What is the severity of CVE-2023-20896?

How can a malicious actor exploit CVE-2023-20896?

Which versions of VMware vCenter Server are affected by CVE-2023-20896?

How can I fix CVE-2023-20896?

Company

Resources

Contact