{
    "file_item": {
        "filepath": "security-advisories",
        "filename": "CERT-EU-SA2023-040.pdf"
    },
    "title": "Multiple Vulnerabilities in VMWare Products",
    "serial_number": "2023-040",
    "publish_date": "23-06-2023 13:31:40",
    "description": "On June 22, VMWare released an advisory regarding multiple memory corruption high severity vulnerabilities in VMware vCenter Server. The affected software provides a centralised and extensible platform for managing virtual infrastructure. The vulnerabilities were found in the DCERPC protocol implementation utilised by vCenter Server. The protocol allows for smooth operation across multiple systems by creating a virtual unified computing environment.<br>\n",
    "url_title": "2023-040",
    "content_markdown": "---\ntitle: 'Multiple Vulnerabilities in\u00a0VMWare\u00a0Products' \nversion: '1.0' \nnumber: '2023-040'\noriginal_date: 'June 22, 2023'\ndate: 'June 23, 2023'\n---\n\n_History:_\n\n* _23/06/2023 --- v1.0 -- Initial publication_\n\n# Summary\n\nOn June 22, VMWare released an advisory regarding multiple memory corruption high severity vulnerabilities in VMware vCenter Server. The affected software provides a centralised and extensible platform for managing virtual infrastructure [1,2]. The vulnerabilities were found in the DCERPC protocol implementation utilised by vCenter Server. The protocol allows for smooth operation across multiple systems by creating a virtual unified computing environment [3].\n\n# Technical Details\n\n- `CVE-2023-20892` (CVSSv3 base score of 8.1) - a heap overflow vulnerability due to the usage of uninitialised memory in the implementation of the DCERPC protocol. A malicious actor with network access to vCenter Server may exploit this issue to execute arbitrary code on the underlying operating system that hosts vCenter Server.\n\n- `CVE-2023-20893` (CVSSv3 base score of 8.1) - a use-after-free vulnerability in the implementation of the DCERPC protocol. A malicious actor with network access to v\u2026ut-of-bounds write vulnerability in the implementation of the DCERPC protocol. A malicious actor with network access to vCenter Server may trigger an out-of-bound write by sending a specially crafted packet leading to memory corruption.\n\n- `CVE-2023-20895` (CVSSv3 base score of 8.1) - a memory corruption vulnerability in the implementation of the DCERPC protocol. A malicious actor with network access to vCenter Server may trigger a memory corruption vulnerability which may bypass authentication.\n\n# Affected Products\n\n- vCenter Server 7.0 [1]\n- vCenter Server 8.0 [1]\n- Cloud Foundation (vCenter Server) 4.x [1]\n- Cloud Foundation (vCenter Server) 5.x [1]\n\n# Recommendations\n\nCERT-EU highly recommends installing the fixed versions as soon as possible:\n\n- vCenter Server 7.0 U3m [1]\n- vCenter Server 8.0 U1b [1]\n- Cloud Foundation (vCenter Server) 7.0 U3m [1]\n- Cloud Foundation (vCenter Server) 8.0 U1b [1]\n\n\n# References\n\n[1] <https://www.vmware.com/security/advisories/VMSA-2023-0014.html>\n\n[2] <https://www.vmware.com/content/dam/digitalmarketing/vmware/en/pdf/products/vCenter/vmware-vcenter-server-datasheet.pdf>\n\n[3] <https://vulnera.com/newswire/vmware-addresses-high-severity-security-flaws-in-vcenter-server/>\n\n",
    "content_html": "<p><em>History:</em></p><ul><li><em>23/06/2023 --- v1.0 -- Initial publication</em></li></ul><h2 id=\"summary\">Summary</h2><p>On June 22, VMWare released an advisory regarding multiple memory corruption high severity vulnerabilities in VMware vCenter Server. The affected software provides a centralised and extensible platform for managing virtual infrastructure [1,2]. The vulnerabilities were found in the DCERPC protocol implementation utilised by vCenter Server. The protocol allows for smooth operation across multiple systems by creating a virtual unified computing environment [3].</p><h2 id=\"technical-details\">Technical Details</h2><ul><li><p><code>CVE-2023-20892</code> (CVSSv3 base score of 8.1) - a heap overflow vulnerability due to the usage of uninitialised memory in the implementation of the DCERPC protocol. A malicious actor with network access to vCenter Server may exploit this issue to execute arbitrary code on the underlying operating system that hosts vCenter Server.</p></li><li><p><code>CVE-2023-20893</code> (CVSSv3 base score of 8.1) - a use-after-free vulnerability in the implementation of the DCERPC protocol. A malicious actor with network access to v\u2026ut-of-bounds write vulnerability in the implementation of the DCERPC protocol. A malicious actor with network access to vCenter Server may trigger an out-of-bound write by sending a specially crafted packet leading to memory corruption.</p></li><li><p><code>CVE-2023-20895</code> (CVSSv3 base score of 8.1) - a memory corruption vulnerability in the implementation of the DCERPC protocol. A malicious actor with network access to vCenter Server may trigger a memory corruption vulnerability which may bypass authentication.</p></li></ul><h2 id=\"affected-products\">Affected Products</h2><ul><li>vCenter Server 7.0 [1]</li><li>vCenter Server 8.0 [1]</li><li>Cloud Foundation (vCenter Server) 4.x [1]</li><li>Cloud Foundation (vCenter Server) 5.x [1]</li></ul><h2 id=\"recommendations\">Recommendations</h2><p>CERT-EU highly recommends installing the fixed versions as soon as possible:</p><ul><li>vCenter Server 7.0 U3m [1]</li><li>vCenter Server 8.0 U1b [1]</li><li>Cloud Foundation (vCenter Server) 7.0 U3m [1]</li><li>Cloud Foundation (vCenter Server) 8.0 U1b [1]</li></ul><h2 id=\"references\">References</h2><p>[1] <a rel=\"noopener\" target=\"_blank\" href=\"https://www.vmware.com/security/advisories/VMSA-2023-0014.html\">https://www.vmware.com/security/advisories/VMSA-2023-0014.html</a></p><p>[2] <a rel=\"noopener\" target=\"_blank\" href=\"https://www.vmware.com/content/dam/digitalmarketing/vmware/en/pdf/products/vCenter/vmware-vcenter-server-datasheet.pdf\">https://www.vmware.com/content/dam/digitalmarketing/vmware/en/pdf/products/vCenter/vmware-vcenter-server-datasheet.pdf</a></p><p>[3] <a rel=\"noopener\" target=\"_blank\" href=\"https://vulnera.com/newswire/vmware-addresses-high-severity-security-flaws-in-vcenter-server/\">https://vulnera.com/newswire/vmware-addresses-high-severity-security-flaws-in-vcenter-server/</a></p>",
    "licence": {
        "title": "Creative Commons Attribution 4.0 International (CC-BY 4.0)",
        "link": "https://creativecommons.org/licenses/by/4.0/",
        "restrictions": "https://cert.europa.eu/legal-notice",
        "author": "The Cybersecurity Service for the Union institutions, bodies, offices and agencies"
    }
}