Critical Authentication Bypass Vulnerability in VMware Cloud Director Appliance – CVE-2023-34060
VMware has identified a critical authentication bypass vulnerability in Cloud Director Appliance, tracked as CVE-2023-34060, posing a significant security risk. This flaw, with a maximum CVSSv3 base score of 9.8, allows unauthenticated attackers to exploit instances upgraded to version 10.5 from an older release. The impact arises from a version of sssd in the underlying Photon OS affected by CVE-2023-34060.
On an upgraded VMware Cloud Director Appliance 10.5, malicious actors with network access can bypass login restrictions on port 22 (ssh) or port 5480 (appliance management console). Notably, this bypass is absent on port 443 (VCD provider and tenant login). Fresh installations of Cloud Director Appliance 10.5 are not susceptible to this authentication bypass.
This vulnerability poses a severe risk as unauthenticated attackers can exploit it remotely through low-complexity attacks without requiring user interaction.
Mitigation and Workaround
While VMware is actively working on a patch, a temporary workaround has been provided in the form of a shell script (“WA_CVE-2023-34060.sh”). Implementing this workaround does not necessitate downtime and does not affect the functionality of Cloud Director installations. VMware has released Security Advisory VMSA-2023-0026 to guide customers on the issue and the appropriate upgrade path.
VMware Cloud Director Appliance (VCD Appliance) versions upgraded to 10.5 from an older release.
To remediate CVE-2023-34060, follow the guidance provided in KB95534.
- Only deployments upgraded to Cloud Director Appliance 10.5 from an older release are impacted.
- New installations of Cloud Director Appliance 10.5 are not vulnerable.
- Other VMware appliances are not affected by this specific vulnerability.