Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline
nvd[email protected]NVD:CVE-2023-20893
HistoryJun 22, 2023 - 12:15 p.m.

CVE-2023-20893

2023-06-2212:15:10
CWE-416
[email protected]
web.nvd.nist.gov
vmware
vcenter server
use-after-free
dcerpc
vulnerability
arbitrary code
network access

9.8 High

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

8.8 High

AI Score

Confidence

High

0.003 Low

EPSS

Percentile

69.7%

JSON

The VMware vCenter Server contains a use-after-free vulnerability in the implementation of the DCERPC protocol. A malicious actor with network access to vCenter Server may exploit this issue to execute arbitrary code on the underlying operating system that hosts vCenter Server.

Affected configurations

NVD
Node
vmwarevcenter_serverRange<7.0
OR
vmwarevcenter_serverMatch7.0-
OR
vmwarevcenter_serverMatch7.0a
OR
vmwarevcenter_serverMatch7.0b
OR
vmwarevcenter_serverMatch7.0c
OR
vmwarevcenter_serverMatch7.0d
OR
vmwarevcenter_serverMatch7.0update1
OR
vmwarevcenter_serverMatch7.0update1a
OR
vmwarevcenter_serverMatch7.0update1c
OR
vmwarevcenter_serverMatch7.0update1d
OR
vmwarevcenter_serverMatch7.0update2
OR
vmwarevcenter_serverMatch7.0update2a
OR
vmwarevcenter_serverMatch7.0update2b
OR
vmwarevcenter_serverMatch7.0update2c
OR
vmwarevcenter_serverMatch7.0update2d
OR
vmwarevcenter_serverMatch7.0update3
OR
vmwarevcenter_serverMatch7.0update3a
OR
vmwarevcenter_serverMatch7.0update3c
OR
vmwarevcenter_serverMatch7.0update3d
OR
vmwarevcenter_serverMatch7.0update3e
OR
vmwarevcenter_serverMatch7.0update3f
OR
vmwarevcenter_serverMatch7.0update3g
OR
vmwarevcenter_serverMatch7.0update3h
OR
vmwarevcenter_serverMatch7.0update3i
OR
vmwarevcenter_serverMatch7.0update3j
OR
vmwarevcenter_serverMatch7.0update3k
OR
vmwarevcenter_serverMatch7.0update3l
OR
vmwarevcenter_serverMatch8.0-
OR
vmwarevcenter_serverMatch8.0a
OR
vmwarevcenter_serverMatch8.0b
OR
vmwarevcenter_serverMatch8.0c
OR
vmwarevcenter_serverMatch8.0update1
OR
vmwarevcenter_serverMatch8.0update1a

Related

prion 1
cve 1
talos 1
cvelist 1
nessus 1
vmware 1
talosblog 1
prion
prion
Design/Logic Flaw
2023-06-22 12:15:00
cve
cve
CVE-2023-20893
2023-06-22 12:15:10
talos
talos
VMWare vCenter Server DCERPC association groups use-after-free vulnerability
2023-07-13 00:00:00
cvelist
cvelist
CVE-2023-20893
2023-06-22 11:52:32
nessus
nessus
VMware vCenter Server 7.0 < 7.0 U3m / 8.0 < 8.0 U1b Multiple Vulnerabilities (VMSA-2023-0014)
2023-06-29 00:00:00
vmware
vmware
VMware vCenter Server updates address multiple memory corruption vulnerabilities (CVE-2023-20892, CVE-2023-20893, CVE-2023-20894, CVE-2023-20895, CVE-2023-20896)
2023-06-22 00:00:00
talosblog
talosblog
Uncovering weaknesses in Apple macOS and VMWare vCenter: 12 vulnerabilities in RPC implementation
2023-07-13 16:00:21

9.8 High

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

8.8 High

AI Score

Confidence

High

0.003 Low

EPSS

Percentile

69.7%

JSON
Related for NVD:CVE-2023-20893
prion1cve1talos1cvelist1nessus1vmware1talosblog1