CVE-2023-20893

The VMware vCenter Server contains a use-after-free vulnerability in the implementation of the DCERPC protocol.A malicious actor with network access to vCenter Server may exploit this issue to execute arbitrary code on the underlying operating system that hosts vCenter Server.
ProviderTypeBase ScoreAtk. VectorAtk. ComplexityPriv. RequiredVector
NISTNIST
8.1 HIGH
NETWORK
HIGH
NONE
CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H
vmwareCNA
8.1 HIGH
NETWORK
HIGH
NONE
CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H
CVEADP
---
---
CISA-ADPADP
---
---
Base Score
CVSS 3.x
EPSS Score
Percentile: 85%
VendorProductVersion
vmwarevcenter_server
𝑥
< 7.0
vmwarevcenter_server
7.0
vmwarevcenter_server
7.0:a
vmwarevcenter_server
7.0:b
vmwarevcenter_server
7.0:c
vmwarevcenter_server
7.0:d
vmwarevcenter_server
7.0:update1
vmwarevcenter_server
7.0:update1a
vmwarevcenter_server
7.0:update1c
vmwarevcenter_server
7.0:update1d
vmwarevcenter_server
7.0:update2
vmwarevcenter_server
7.0:update2a
vmwarevcenter_server
7.0:update2b
vmwarevcenter_server
7.0:update2c
vmwarevcenter_server
7.0:update2d
vmwarevcenter_server
7.0:update3
vmwarevcenter_server
7.0:update3a
vmwarevcenter_server
7.0:update3c
vmwarevcenter_server
7.0:update3d
vmwarevcenter_server
7.0:update3e
vmwarevcenter_server
7.0:update3f
vmwarevcenter_server
7.0:update3g
vmwarevcenter_server
7.0:update3h
vmwarevcenter_server
7.0:update3i
vmwarevcenter_server
7.0:update3j
vmwarevcenter_server
7.0:update3k
vmwarevcenter_server
7.0:update3l
vmwarevcenter_server
8.0
vmwarevcenter_server
8.0:a
vmwarevcenter_server
8.0:b
vmwarevcenter_server
8.0:c
vmwarevcenter_server
8.0:update1
vmwarevcenter_server
8.0:update1a
𝑥
= Vulnerable software versions
Common Weakness Enumeration
References
https://www.talosintelligence.com/vulnerability_reports/TALOS-2023-1799
https://www.vmware.com/security/advisories/VMSA-2023-0014.html
https://www.talosintelligence.com/vulnerability_reports/TALOS-2023-1799
https://www.vmware.com/security/advisories/VMSA-2023-0014.html