Advisory

VMware releases patches for vCenter Server vulnerabilities that allow RCE and auth bypass

Take action: vCenter is the central control point, which also makes it a central vector of attack on the entire VMware environment if it is compromised. Plan a structured patch process for your vCenter in the next two weeks. In the meantime, lock it down so it is accessible only from trusted networks.


Learn More

VMware has taken steps to resolve several security flaws in vCenter Server, which pose a significant risk and can allow malicious actors to execute code and bypass authentication on systems that have not been patched.

vCenter Server is the central control hub for VMware's vSphere suite, offering server management capabilities to administrators who oversee virtualized infrastructure and monitor its operations.

That central role also makes it a central vector of attack on the entire VMware environment if it is compromised.

The identified security vulnerabilities pertain to the DCE/RPC protocol implementation utilized by vCenter Server. This protocol facilitates seamless functioning across multiple systems by creating a virtual unified computing environment.

VMware has released security updates that address four vulnerabilities with a high severity rating.

  • CVE-2023-20892 - a heap-overflow flaw
  • CVE-2023-20893 - a use-after-free flaw
  • CVE-2023-20895 - an out-of-bounds read flaw
  • CVE-2023-20894 - an out-of-bounds write flaw
  • CVE-2023-20896 - an out-of-bounds read

The first two vulnerabilities (CVE-2023-20892, CVE-2023-20893) can be exploited by unauthorized attackers who have network access, enabling them to execute arbitrary code through attacks of high complexity that do not necessitate user interaction. Successful exploitation of these vulnerabilities could lead to a complete compromise of confidentiality, integrity, and availability.

Using the CVE-2023-20895 vulnerability, threat actors can trigger an out-of-bounds read and manipulate memory, thus bypassing authentication on vCenter Server appliances that have not been patched.
