VMware has released updates to its vCenter servers to patch important vulnerabilities (CVE-2023-20892, CVE-2023-20893, CVE-2023-20894, CVE-2023-20895 and CVE-2023-20896). In addition, the opportunity could also be used to update VMware Tools to close the authentication vulnerability CVE-2023-20867.
I had already seen the information about the vulnerabilities, among other places, on Twitter from colleagues in the following tweet, but German blog reader Stefan K. had also informed me by mail yesterday (thanks for that) and wrote:
Hello Günter,
might be worth a note that VMware has closed some vulnerabilities (CVE-2023-20892, CVE-2023-20893, CVE-2023-20894, CVE-2023-20895 and CVE-2023-20896) in vCenter Server.
[…]
Even though a vCenter Server should not be accessible from the Internet, there have been successful attacks in the past because some people dare to do it. You had reported: Review of the VMware ESXi server cyberdebacle (Feb. 2023)
During the action, the gap in VMware Tools can also be patched at the same time (CVE-2023-20867), even if it is not quite as critical.
VMware published Security Advisory VMSA-2023-0014, which lists the vulnerabilities mentioned above. The company writes there:
VMware has been notified of several vulnerabilities in VMware vCenter Server that corrupt memory. Updates are available to address these vulnerabilities in the affected VMware products.
Details on the vulnerabilities and affected product versions can be found in the Security Advisory. The following VMware products are affected:
- VMware vCenter Server (vCenter Server)
- VMware Cloud Foundation (Cloud Foundation)
VMware has already released the following pages with release notes on June 21, 2023 (thanks to Stefan for the links).
Information about updating VMware Tools can be found in security advisory VMSA-2023-0013 dated June 13, 2023, which reports an authentication bypass vulnerability (CVE-2023-20867). However, its CVSSv3 score is only 3.8.