CVE-2023-34060
published 2023-11-14CVE-2023-34060: VMware Cloud Director Appliance contains an authentication bypass vulnerability in case VMware Cloud Director Appliance was upgraded to 10.5 from an older…
PriorityP269critical9.8CVSS 3.1
AVNACLPRNUINSUCHIHAH
EXPLOIT
EPSS
1.34%
67.9th percentile
VMware Cloud Director Appliance contains an authentication bypass vulnerability in case VMware Cloud Director Appliance was upgraded to 10.5 from
an older version. On an upgraded version of VMware Cloud Director Appliance 10.5, a malicious actor with network access to the appliance can bypass login
restrictions when authenticating on port 22 (ssh) or port 5480 (appliance management console) . This bypass is not present on port 443 (VCD provider
and tenant login). On a new installation of VMware Cloud Director Appliance 10.5, the bypass is not present. VMware Cloud Director Appliance is impacted since it uses an affected version of sssd from the underlying Photon OS. The sssd issue is no longer present in versions of Photon OS that ship with sssd-2.8.1-11 or higher (Photon OS 3) or sssd-2.8.2-9 or higher (Photon OS 4 and 5).
Affected
1 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| vmware | cloud_director | < 10.5 | 10.5 |
Detection & IOCsextracted from sources · hover to see the quote
- →Monitor for unauthenticated or anomalous SSH login attempts on port 22 to VMware Cloud Director Appliance 10.5 hosts that were upgraded from an older version — successful logins bypassing normal authentication are indicative of exploitation. ↗
- →Monitor for unauthenticated or anomalous access attempts on port 5480 (VCD appliance management console) on upgraded VCD Appliance 10.5 instances. ↗
- →Exploit PoC uses hardcoded credentials 'root'/'vmware' over SSH — alert on SSH authentication attempts using these credentials against VCD appliance hosts. ↗
- →The bypass is NOT present on port 443; focus detection on ports 22 and 5480 exclusively for this CVE. ↗
- →Only upgraded (not fresh-install) VCD Appliance 10.5 instances are vulnerable; scope detection to appliances known to have been upgraded from an older version. ↗
- →The underlying vulnerable component is sssd from Photon OS; check for sssd versions below sssd-2.8.1-11 (Photon OS 3) or sssd-2.8.2-9 (Photon OS 4 and 5) as a host-based indicator of a vulnerable system. ↗
- ·Vulnerability only affects VCD Appliance 10.5 instances that were UPGRADED from an older version — fresh installs of 10.5 are NOT affected. ↗
- ·Linux deployments and other (non-appliance) VCD deployment types are not impacted. ↗
- ·A workaround script is available for VCD Appliance 10.5.0 that does not require a service restart or reboot, and does not cause functional disruptions. ↗
CVEs like this are exactly what “Exploited This Week” covers.
Every Monday: what got weaponized or added to CISA KEV in the last seven days — each CVE cross-linked to its PoC, Nuclei template, and detection rule. Free, one email a week, unsubscribe in one click.
GHSA
GHSA-w4pv-p6xf-qc53: VMware Cloud Director Appliance contains an authentication bypass vulnerability in case VMware Cloud Director Appliance was upgraded to 10
ghsa_unreviewed·2023-11-14
CVE-2023-34060 [CRITICAL] CWE-306 GHSA-w4pv-p6xf-qc53: VMware Cloud Director Appliance contains an authentication bypass vulnerability in case VMware Cloud Director Appliance was upgraded to 10
VMware Cloud Director Appliance contains an authentication bypass vulnerability in case VMware Cloud Director Appliance was upgraded to 10.5 from
an older version. On an upgraded version of VMware Cloud Director Appliance 10.5, a malicious actor with network access to the appliance can bypass login
restrictions when authenticating on port 22 (ssh) or port 5480 (appliance management console) . This bypass is not present on port 443 (VCD provider
and tenant login). On a new installation of VMware Cloud Director Appliance 10.5, the bypass is not present.
VMware
VMware Cloud Director Appliance contains an authentication bypass vulnerability (CVE-2023-34060).
vendor_vmware·2023-11-14·CVSS 9.8
CVE-2023-34060 [CRITICAL] VMware Cloud Director Appliance contains an authentication bypass vulnerability (CVE-2023-34060).
VMSA-2023-0026: VMware Cloud Director Appliance contains an authentication bypass vulnerability (CVE-2023-34060).
VMware Cloud Director Appliance contains an authentication bypass vulnerability in case VMware Cloud Director Appliance was upgraded to 10.5 from an older version. VMware has evaluated the severity of this issue to be in the Critical severity range with a maximum CVSSv3 base score of 9.8.
CVEs: CVE-2023-34060
No detection rules found.
Bleepingcomputer
VMware fixes critical Cloud Director auth bypass unpatched for 2 weeks
blogs_bleepingcomputer·2023-12-01·CVSS 3.9
CVE-2023-34060 [LOW] VMware fixes critical Cloud Director auth bypass unpatched for 2 weeks
## VMware fixes critical Cloud Director auth bypass unpatched for 2 weeks
## Sergiu Gatlan
VMware has fixed a critical authentication bypass vulnerability in Cloud Director appliance deployments, a bug that was left unpatched for over two weeks since it was disclosed on November 14th.
Cloud Director is a VMware platform that enables admins to manage data centers spread across multiple locations as Virtual Data Centers (VDC).
The auth bypass security flaw (CVE-2023-34060) only impacts appliances running VCD Appliance 10.5 that were previously upgraded from an older release. However, VMware says it doesn't affect fresh VCD Appliance 10.5 installs, Linux deployments, and other appliances.
Remote attackers can remotely exploit the CVE-2023-34060 bug in low-complexity attacks that don't re
Bleepingcomputer
VMware discloses critical VCD Appliance auth bypass with no patch
blogs_bleepingcomputer·2023-11-14·CVSS 9.8
[CRITICAL] VMware discloses critical VCD Appliance auth bypass with no patch
## VMware discloses critical VCD Appliance auth bypass with no patch
## Sergiu Gatlan
VMware disclosed a critical and unpatched authentication bypass vulnerability affecting Cloud Director appliance deployments.
Cloud Director enables VMware admins to manage their organizations' cloud services as part of Virtual Data Centers (VDC).
The auth bypass security flaw only affects appliances running VCD Appliance 10.5 that were previously upgraded from an older release. The company also added that CVE-2023-34060 does not impact fresh VCD Appliance 10.5 installs, Linux deployments, and other appliances.
Unauthenticated attackers can remotely exploit the bug in low-complexity attacks that don't require user interaction.
"On an upgraded version of VMware Cloud Director Appliance 10.5, a malici
https://github.com/vmware/photon/wiki/Security-Update-3.0-687https://github.com/vmware/photon/wiki/Security-Update-4.0-512https://github.com/vmware/photon/wiki/Security-Update-5.0-143https://www.vmware.com/security/advisories/VMSA-2023-0026.htmlhttps://github.com/vmware/photon/wiki/Security-Update-3.0-687https://github.com/vmware/photon/wiki/Security-Update-4.0-512https://github.com/vmware/photon/wiki/Security-Update-5.0-143https://www.vmware.com/security/advisories/VMSA-2023-0026.html
2023-11-14
Published