Virtualization giant VMware has published software updates to address multiple memory corruption vulnerabilities in vCenter Server that could lead to remote code execution.
A total of five security defects were patched in the software’s implementation of the DCERPC protocol, including four that VMware flags as ‘important’, with a CVSS score of 8.1.
Two of these issues, tracked as CVE-2023-20892 (heap buffer overflow due to uninitialized memory) and CVE-2023-20893 (use-after-free) could lead to code execution, according to VMware’s advisory.
“A malicious actor with network access to vCenter Server may exploit this issue to execute arbitrary code on the underlying operating system that hosts vCenter Server,” VMware notes for both.
Next in line is CVE-2023-20894, a remotely exploitable out-of-bounds write bug that can be triggered via specially crafted packets to cause memory corruption.
The fourth vulnerability, CVE-2023-20895, is a memory corruption flaw that can be exploited over the network to bypass authentication.
VMware’s updates also address a important-severity out-of-bounds read vulnerability that a malicious actor can exploit remotely to cause a denial-of-service (DoS) condition on services such as vmcad, vmdird, and vmafdd.
Patches for all flaws were included in vCenter Server and Cloud Foundation versions 8.0 U1b and 7.0 U3m. VMware also released Async patches for VCF customers.
vCenter Server is an advanced server management software for virtual infrastructure delivery across the hybrid cloud. The appliance is included in vSphere and Cloud Foundation products.
VMware recommends that all customers update to a patched version of the impacted products, noting that there is no workaround for any of these vulnerabilities. The company says it is not aware of any of these flaws being exploited in the wild.
Related: VMware Confirms Live Exploits Hitting Just-Patched Security Flaw
Related: Chinese Cyberspies Caught Exploiting VMware ESXi Zero-Day
Related: VMware Plugs Critical Flaws in Network Monitoring Product
More from Ionut Arghire
- Air Canada Says Employee Information Accessed in Cyberattack
- BIND Updates Patch Two High-Severity DoS Vulnerabilities
- Faster Patching Pace Validates CISA’s KEV Catalog Initiative
- TransUnion Denies Breach After Hacker Publishes Allegedly Stolen Data
- Legit Security Raises $40 Million in Series B Financing
- Atlassian Security Updates Patch High-Severity Vulnerabilities
- Critical Infrastructure Organizations Warned of Snatch Ransomware Attacks
- Tor-Based Drug Marketplace Piilopuoti Shut Down by Law Enforcement
Latest News
- In Other News: New Analysis of Snowden Files, Yubico Goes Public, Election Hacking
- China’s Offensive Cyber Operations in Africa Support Soft Power Efforts
- Air Canada Says Employee Information Accessed in Cyberattack
- BIND Updates Patch Two High-Severity DoS Vulnerabilities
- Faster Patching Pace Validates CISA’s KEV Catalog Initiative
- SANS Survey Shows Drop in 2023 ICS/OT Security Budgets
- Apple Patches 3 Zero-Days Likely Exploited by Spyware Vendor to Hack iPhones
- New ‘Sandman’ APT Group Hitting Telcos With Rare LuaJIT Malware
