Skip to main content

Public advisory of scammers impersonating CSA and the SPF

Stay vigilant. Read the public advisory

Cyber Security Agency of Singapore
  1. Home
  2. Alerts & Advisories
  3. Alerts
  4. High-Severity Vulnerabilities in VMware vCenter Server and Cloud Foundation Products
Alerts

High-Severity Vulnerabilities in VMware vCenter Server and Cloud Foundation Products

26 June 2023

VMware has released security updates to address multiple vulnerabilities (CVE-2023-20892, CVE-2023-20893, CVE-2023-20894 and CVE-2023-20895) in their vCenter Server and Cloud Foundation products.

The vulnerabilities are:

  • CVE-2023-20892: A heap overflow vulnerability that could allow attackers with network access to perform arbitrary code execution.

  • CVE-2023-20893: A use-after-free vulnerability that could allow attackers with network access to perform arbitrary code execution.

  • CVE-2023-20894: An out-of-bound write vulnerability that could allow attackers with network access to cause memory corruption via specially crafted packet.

  • CVE-2023-20895: A memory corruption vulnerability that could allow attackers with network access to bypass authentication.

The vulnerabilities affect the following product versions:

  • vCenter Server versions 7.0 and 8.0

  • Cloud Foundation versions 4.x and 5.

Users and administrators of the affected product versions are advised to update to the latest versions immediately.

More information is available here:

https://www.vmware.com/security/advisories/VMSA-2023-0014.html

https://www.bleepingcomputer.com/news/security/vmware-fixes-vcenter-server-bugs-allowing-code-execution-auth-bypass/

https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-20892

https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-20893

https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-20894

https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-20895

Back to top