Network Alerts

VMware vCenter Server Vulnerabilities

Posted by Matt Weber - June 30, 2023 - Vulnerability, VMware

About the Alert

VMware has announced several vulnerabilities within vCenter Server that range from medium to high severity. The disclosed vulnerabilities have varying impacts that could allow a malicious threat actor with network access to execute arbitrary code, cause memory corruption, or bypass authentication on vCenter. Specifics of the vulnerabilities can be found here, and below is a brief description of those with high severity:

CVE-2023-20892: VMware vCenter Server heap-overflow vulnerability

CVE-2023-20893: VMware vCenter Server use-after-free vulnerability

CVE-2023-20894: VMware vCenter Server out-of-bounds write vulnerability

CVE-2023-20895: VMware vCenter Server out-of-bounds read vulnerability

Key Takeaways:

  • Four of the disclosed vulnerabilities are rated high severity
  • The vulnerabilities affect VMware vCenter Server
  • No workarounds are available; addressing the vulnerabilities requires a software update

Mitigating the Vulnerabilities

Updating affected vCenter Server instances is recommended. If you use VMware vCenter Server within your environment and would like assistance with assessing exposure or determining the best go-forward plan, please reach out to your SymQuest Account Executive.
