Header image overlay

Vulnerability VMware VCenter

Our support will regularly inform you of important events here.

A vulnerability has been identified within VMware vCenter Server. This vulnerability allows a malicious person with network access to execute code on the underlying operating system.

Vulnerability VMware VCenter

VMware recently addressed multiple memory corruption vulnerabilities in vCenter Server that can be exploited to execute external code. These vulnerabilities, designated CVE-2023-20892 to CVE-2023-20896, are in the software implementation of the DCERPC protocol.

A malicious person with network access to vCenter Server could potentially exploit this problem to execute arbitrary code on the underlying operating system hosting vCenter Server.

Take action

The severity of this vulnerability is high (CVE score = 5.9-8.1), which means action is required. We recommend that you upgrade vCenter to version 7.0U3m or 8.0 U1b, released on 22 June 2023. This upgrade will not cause any disruption to your environment and can be performed during business hours.

Given the urgency of the situation, we are implementing these upgrades proactively at our Managed Services clients.

Do you have questions about this or do you, as a non-Managed Services customer, still want support? Please do not hesitate to contact us: support@vanroey.be.

Can't create tickets? Ask here to get an account. If our Engineer needs to remotely control your PC, he or she will ask you to run this software .