VMware discloses critical VCD Appliance auth bypass with no patch

VMware

VMware disclosed a critical and unpatched authentication bypass vulnerability affecting Cloud Director appliance deployments.

Cloud Director enables VMware admins to manage their organizations’ cloud services as part of Virtual Data Centers (VDC).

The auth bypass security flaw only affects appliances running VCD Appliance 10.5 that were previously upgraded from an older release. The company also added that CVE-2023-34060 does not impact fresh VCD Appliance 10.5 installs, Linux deployments, and other appliances.

Unauthenticated attackers can remotely exploit the bug in low-complexity attacks that don’t require user interaction.

“On an upgraded version of VMware Cloud Director Appliance 10.5, a malicious actor with network access to the appliance can bypass login restrictions when authenticating on port 22 (ssh) or port 5480 (appliance management console),” VMware explains.

“This bypass is not present on port 443 (VCD provider and tenant login). On a new installation of VMware Cloud Director Appliance 10.5, the bypass is not present.”

No patch, a workaround is available

While VMware doesn’t have a patch for this critical authentication bypass, the company provided admins with a temporary workaround until security updates are released.

“VMware released VMware Security Advisory VMSA-2023-0026 to help customers understand the issue and which upgrade path will fix it,” VMware says in a separate advisory.

The workaround shared by VMware will only work for affected versions of VCD Appliance 10.5.0, and it requires downloading a custom script attached to this knowledgebase article and running it on cells exposed to the CVE-2023-34060 vulnerability.

According to VMware, the workaround does not cause any functional disruptions, and downtime is not a concern as neither a service restart nor a reboot is necessary.

In June, the company also fixed an ESXi zero-day used by Chinese state hackers for data theft and alerted customers to an actively exploited critical bug in the Aria Operations for Networks analytics tool.

More recently, in October, it patched a critical vCenter Server flaw (CVE-2023-34048) that can be exploited for remote code execution attacks.


Original Source



A considerable amount of time and effort goes into maintaining this website, creating backend automation and creating new features and content for you to make actionable intelligence decisions. Everyone that supports the site helps enable new functionality.

If you like the site, please support us on “Patreon” or “Buy Me A Coffee” using the buttons below

 To keep up to date follow us on the below channels.