VMSA-2023-0014 – vCenter Server multiple memory corruption vulnerabilities

Multiple memory corruption vulnerabilities in VMware vCenter Server were privately reported to VMware.

• The vCenter Server contains a heap overflow vulnerability due to the usage of uninitialized memory in the implementation of the DCERPC protocol.
• The vCenter Server contains a use-after-free vulnerability in the implementation of the DCERPC protocol.
• The vCenter Server contains an out-of-bounds write vulnerability in the implementation of the DCERPC protocol.
• The vCenter Server contains a memory corruption vulnerability in the implementation of the DCERPC protocol.
• The vCenter Server contains an out-of-bounds read vulnerability in the implementation of the DCERPC protocol.

This has been assigned VMSA-2023-0014, with a critical rating of 5.9 – 8.1 out of 10.0, the range due to this VMSA reference covering several vulnerabilities.

Impact

• If exploited, a malicious actor with network access could run arbitrary commands on the underlying OS that hosts vCentre Server.
• A malicious actor with network access to vCenter Server may exploit this issue to execute arbitrary code on the underlying operating system that hosts vCenter Server.
• A malicious actor with network access to vCenter Server may trigger an out-of-bound write by sending a specially crafted packet leading to memory corruption.
• A malicious actor with network access to vCenter Server may trigger a memory corruption vulnerability which may bypass authentication.

Risk

The initial difficulty an attacker would face is gaining network access, which – to a degree – serves as a mitigating factor. However, once access has been gained – with the correct knowledge – the risk increases significantly and could render the exploited servers inoperable.

Solution

To remediate these vulnerabilities, VMWare have provided updates which are listed in the ‘Fixed Version’ column of the ‘Response Matrix’ – the link to these can be found in the references.