If you are using any of the products below, please proceed to apply the patch before it’s too late!
- VMware vCenter Server
- VMware Cloud Foundation (VCF)
No workaround current available for this important vulnerability, simple vCenter upgrade is recommended to address it.
“Description: The vCenter Server contains a heap overflow vulnerability due to the usage of uninitialized memory in the implementation of the DCERPC protocol. VMware has evaluated the severity of this issue to be in the Important severity range with a maximum CVSSv3 base score of 8.1.” – quoted from VMware’s official advisory
If you are using vCenter 8, then upgrade to vCenter 8.0 U1b immediately.
If you are using vCenter 7, then upgrade to vCenter 7.0 U3m immediately.
Advisory ID VMSA-2023-0014 was released on 06-22-23
Official Advisory link here