Vulnerability Details CVE-2023-20894
The VMware vCenter Server contains an out-of-bounds write vulnerability in the implementation of the DCERPC protocol. A malicious actor with network access to vCenter Server may trigger an out-of-bounds write by sending a specially crafted packet, leading to memory corruption.
Exploit prediction scoring system (EPSS) score
EPSS Score 0.476
EPSS Ranking 97.5%
CVSS Severity
CVSS v3 Score 8.1
Products affected by CVE-2023-20894
- cpe:2.3:a:vmware:vcenter_server:4.0
- cpe:2.3:a:vmware:vcenter_server:4.0.0.10021
- cpe:2.3:a:vmware:vcenter_server:4.0.0.12305
- cpe:2.3:a:vmware:vcenter_server:4.1
- cpe:2.3:a:vmware:vcenter_server:4.1.0.12319
- cpe:2.3:a:vmware:vcenter_server:4.1.0.14766
- cpe:2.3:a:vmware:vcenter_server:4.1.0.17435
- cpe:2.3:a:vmware:vcenter_server:5.0
- cpe:2.3:a:vmware:vcenter_server:5.0.0.16964
- cpe:2.3:a:vmware:vcenter_server:5.5
- cpe:2.3:a:vmware:vcenter_server:6.0
- cpe:2.3:a:vmware:vcenter_server:6.5
- cpe:2.3:a:vmware:vcenter_server:6.7
- cpe:2.3:a:vmware:vcenter_server:7.0
- cpe:2.3:a:vmware:vcenter_server:8.0