CVE-2023-20896

CVSS 3.1 Score 7.5 of 10 (high)

Details

Published Jun 22, 2023

Updated: Jul 13, 2023

CWE ID 125

Summary

CVE-2023-20896 is a vulnerability affecting the VMware vCenter Server. The issue lies in the DCERPC protocol implementation, which allows a malicious actor with network access to the server to trigger an out-of-bounds read. This action can result in denial-of-service for specific services, namely vmcad, vmdird, and vmafdd. The vulnerability poses a serious threat, as an attacker can exploit it to disrupt critical functions, adversely impacting an organization's IT infrastructure.

Prevent cyber attacks with Recorded Future by prioritizing and patching critical vulnerabilities being exploited by threat actors targeting your industry. Book your demo to learn more.

VMware vCenter Server

Affected Vendors

VMware Inc.

Advisories, Assessments, and Mitigations

https://app.recordedfuture.com/live/sc/entity/rvJpxY
https://www.cve.org/CVERecord?id=CVE-2023-20896
https://nvd.nist.gov/vuln/detail/CVE-2023-20896

Back to Vulnerability Database