Vulnerability Details CVE-2023-20896
The VMware vCenter Server contains an out-of-bounds read vulnerability in the implementation of the DCERPC protocol. A malicious actor with network access to vCenter Server may trigger an out-of-bounds read by sending a specially crafted packet leading to denial-of-service of certain services (vmcad, vmdird, and vmafdd).
Exploit prediction scoring system (EPSS) score
EPSS Score 0.003
EPSS Ranking 51.9%
CVSS Severity
CVSS v3 Score 5.9
Products affected by CVE-2023-20896
- cpe:2.3:a:vmware:vcenter_server:4.0
- cpe:2.3:a:vmware:vcenter_server:4.0.0.10021
- cpe:2.3:a:vmware:vcenter_server:4.0.0.12305
- cpe:2.3:a:vmware:vcenter_server:4.1
- cpe:2.3:a:vmware:vcenter_server:4.1.0.12319
- cpe:2.3:a:vmware:vcenter_server:4.1.0.14766
- cpe:2.3:a:vmware:vcenter_server:4.1.0.17435
- cpe:2.3:a:vmware:vcenter_server:5.0
- cpe:2.3:a:vmware:vcenter_server:5.0.0.16964
- cpe:2.3:a:vmware:vcenter_server:5.5
- cpe:2.3:a:vmware:vcenter_server:6.0
- cpe:2.3:a:vmware:vcenter_server:6.5
- cpe:2.3:a:vmware:vcenter_server:6.7
- cpe:2.3:a:vmware:vcenter_server:7.0
- cpe:2.3:a:vmware:vcenter_server:8.0