May 3, 2024
Proactive Defense: The Importance of Incident Response Planning in Cybersecurity
Rewterz Threat Intel – CVE-2023-35719 – Zoho ManageEngine ADSelfService Plus Vulnerability
June 23, 2023
Rewterz Threat Alert – Agent Tesla Malware – Active IOCs
June 23, 2023
Rewterz Threat Intel – CVE-2023-35719 – Zoho ManageEngine ADSelfService Plus Vulnerability
June 23, 2023
Rewterz Threat Alert – Agent Tesla Malware – Active IOCs
June 23, 2023
Severity
High
Analysis Summary
CVE-2023-20896 CVSS:5.9
VMware vCenter Server and VMware Cloud Foundation are vulnerable to a denial of service, caused by an out-of-bounds read in the implementation of the DCERPC protocol. By sending a specially crafted packet, a remote attacker could exploit this vulnerability to cause a denial of service in the vmcad, vmdird, and vmafdd services.
CVE-2023-20895 CVSS:8.1
VMware vCenter Server and VMware Cloud Foundation could allow a remote attacker to execute arbitrary code on the system, caused by an out-of-bounds write in the implementation of the DCERPC protocol. An attacker could exploit this vulnerability to execute arbitrary code on the system and bypass authentication.
CVE-2023-20894 CVSS:8.1
VMware vCenter Server and VMware Cloud Foundation could allow a remote attacker to execute arbitrary code on the system, caused by an out-of-bounds write in the implementation of the DCERPC protocol. By sending a specially crafted packet, an attacker could exploit this vulnerability to execute arbitrary code on the system.
CVE-2023-20893 CVSS:8.1
VMware vCenter Server and VMware Cloud Foundation could allow a remote attacker to execute arbitrary code on the system, caused by a use-after-free in the implementation of the DCERPC protocol. An attacker could exploit this vulnerability to execute arbitrary code on the underlying operating system.
CVE-2023-20892 CVSS:8.1
VMware vCenter Server and VMware Cloud Foundation are vulnerable to a heap-based buffer overflow, caused by use of uninitialized memory in the implementation of the DCERPC protocol. By sending a specially crafted request, a remote attacker could overflow a buffer and execute arbitrary code on the underlying operating system.
Impact
- Denial of Service
- Code Execution
- Buffer Overflow
Indicators Of Compromise
CVE
- CVE-2023-20896
- CVE-2023-20895
- CVE-2023-20894
- CVE-2023-20893
- CVE-2023-20892
Affected Vendors
VMware
Affected Products
- VMware vCenter Server 7.0
- VMware vCenter Server 8.0
- VMware Cloud Foundation (vCenter Server) 4.0
Remediation
Refer to VMware Security Advisory for patch, upgrade or suggested workaround information.