The fix for the CVE-2023-29483 DoS (fixed version 2.6.0rc1; related to UDP dns.query.udp() and "ignore_errors") may be included in subsequent patching, provided Photon includes the CVE fix for Photon OS 5.0. VMware will not backport this security fix to earlier versions of vCenter, as it may break other API and SDK dependencies. No fix for the CVE-2023-29483 DoS is scheduled for vCenter 7.x at this time. No backports to earlier versions of Photon OS will be scheduled for the dnspython service vulnerability.
vCenter 7.0 Update 3q build 24026615
Finding:
CVSS Score Source: CVE-2023-29483
Score: 4.4
Updated: 4/16/2024
Vulnerability Publication Date: 2/10/2024
Path : /usr/lib64/python3.7/site-packages/dnspython
Installed version : 1.15.0
Fixed version : 2.6.0rc1
To validate the Tenable scan, run the following commands from the vCenter command line.
Log in to the vCenter.
Change to the root shell in vCenter and run the commands:
rpm -qa |grep dnspython
rpm -ql python3-dnspython-1.15.0-3.ph3.noarch |grep dnspython
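An added example, not part of the original article or any VMware tooling: a shell helper that takes a package name as printed by rpm -qa and compares its version with the scanner's fixed version 2.6.0rc1. The function names and the second sample package name are assumptions constructed for illustration.

```shell
#!/bin/sh
# Added example (not VMware's tooling). Compares a python3-dnspython RPM name
# with the scanner's "Fixed version : 2.6.0rc1" for CVE-2023-29483.
FIXED_MAJOR=2
FIXED_MINOR=6

# Pull the version field out of name-version-release.arch.
dnspython_version() {
    nvr=${1%.*}                  # drop the arch suffix, e.g. ".noarch"
    nv=${nvr%-*}                 # drop the release, e.g. "-3.ph3"
    printf '%s\n' "${nv##*-}"    # what follows the last "-" is the version
}

# Print "below-fixed <ver>", "at-or-above-fixed <ver>" or "unknown <input>".
dnspython_status() {
    ver=$(dnspython_version "$1")
    major=${ver%%.*}
    rest=${ver#*.}
    minor=${rest%%.*}
    minor=${minor%%[!0-9]*}      # "6rc1" -> "6"
    case "$ver" in *.*) ;; *) major= ;; esac   # no dot: not a usable version
    case "$major" in ''|*[!0-9]*) echo "unknown $1"; return 0 ;; esac
    case "$minor" in '') echo "unknown $1"; return 0 ;; esac
    if [ "$major" -lt "$FIXED_MAJOR" ] ||
       { [ "$major" -eq "$FIXED_MAJOR" ] && [ "$minor" -lt "$FIXED_MINOR" ]; }; then
        echo "below-fixed $ver"
    else
        echo "at-or-above-fixed $ver"
    fi
}

# Constructed sample names; the first is the package named in this article.
# On the appliance, feed real names instead:
#   rpm -qa | grep dnspython | while read -r p; do dnspython_status "$p"; done
for pkg in python3-dnspython-1.15.0-3.ph3.noarch \
           python3-dnspython-2.6.1-1.ph5.noarch; do
    dnspython_status "$pkg"
done
```

A "below-fixed" result matches what the scanner reports; it does not by itself say whether a patched vCenter release exists.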
Please check the published CVE fixes in the vCenter release versions.
Go to https://www.broadcom.com/support/vmware-security-advisories, select VMware Cloud Foundation, and search for the CVE to find which VMware products are patched for security vulnerabilities.
If the CVE vulnerability is not listed, then it's not included in that VMware product.
If the vCenter Photon OS is 4.0, the dnspython version should be at 2.0 or higher.
End of Support for Photon OS on vCenter Server
2. Will VMware release a new update of vCenter 7.0 that includes updating Photon OS to version 4 or 5?
VMware will not release a newer Photon OS version on older releases of vCenter including 7.0 & 8.0.