CVE-2023-20896

MEDIUM

Vmware Vcenter Server < 7.0 - Out-of-Bounds Read

Title source: rule

Description

The VMware vCenter Server contains an out-of-bounds read vulnerability in the implementation of the DCERPC protocol. A malicious actor with network access to vCenter Server may trigger an out-of-bounds read by sending a specially crafted packet leading to denial-of-service of certain services (vmcad, vmdird, and vmafdd).

References (2)

Scores

CVSS v3 5.9
EPSS 0.0029
EPSS Percentile 51.9%
Attack Vector NETWORK
CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H

Classification

CWE
CWE-125
Status published

Affected Products (33)

vmware/vcenter_server < 7.0
vmware/vcenter_server
vmware/vcenter_server
vmware/vcenter_server
vmware/vcenter_server
vmware/vcenter_server
vmware/vcenter_server
vmware/vcenter_server
vmware/vcenter_server
vmware/vcenter_server
vmware/vcenter_server
vmware/vcenter_server
vmware/vcenter_server
vmware/vcenter_server
vmware/vcenter_server
... and 18 more

Timeline

Published Jun 22, 2023
Tracked Since Feb 18, 2026