overview

A critical vulnerability (CVE-2023-34060) has been found in VMware Cloud Director instances upgraded to version 10.5 from an older version. CVE-2023-34060 has a CVSS score of 9.8 and allows attackers to bypass authentication protections.  

On an upgraded version of VMware Cloud Director Appliance 10.5, an attacker with network access to the appliance can exploit the flaw when authenticating on port 22 (SSH) or port 5480 (Appliance Management Console). Please note that the bypass is not present on port 443 (VCD Provider and Tenant Login) or on new installations of VMware Cloud Director Appliance 10.5. 

The risk stems from the use of a version of sssd from the underlying Photon OS affected by CVE-2023-34060. While VMware has not released a patch, they have released a workaround in the form of a shell script ("WA_CVE-2023-34060.sh"). Admins are urged to download and execute this script on affected cells exposed to the vulnerability. VMware stated that implementing this temporary mitigation will not result in downtime or affect the functionality of Cloud Director installations. Avertium recommends implementing the mitigations as soon as possible.  

 

 

avertium's recommendationS

  • Download the provided shell script. 
  • Execute the script on affected cells exposed to CVE-2023-34060. 

 

 

INDICATORS OF COMPROMISE (IoCs)

At this time, there are no known IoCs associated with CVE-2023-34060. Avertium remains vigilant in locating IoCs for our customers. Should any be located, Avertium will disclose them as soon as possible. For more information on how Avertium can help protect your organization, please reach out to your Avertium Service Delivery Manager or Account Executive.   

 

 

How Avertium is Protecting Our CUSTOMERS

  • Expanding endpoints, cloud computing environments, and accelerated digital transformation have decimated the perimeter in an ever-expanding attack surface. Avertium offers Attack Surface Management, so you’ll have no more blind spots, weak links, or fire drills. See every threat in your attack surface, every device, every entry point, and every vulnerability. Our Attack Surface Management services include:  
    • Risk Assessments 
    • Pen Testing and Social Engineering  
    • Infrastructure Architecture and Integration  
    • Zero Trust Network Architecture 
    • Vulnerability Management 
  • Note: We highly value your feedback. Kindly spare a moment to complete our feedback form, allowing us to enhance our services for our valued customers. 

 

 

SUPPORTING DOCUMENTATION

VMSA-2023-0026 (vmware.com) 

Urgent: VMware Warns of Unpatched Critical Cloud Director Vulnerability (thehackernews.com) 

VMware discloses critical VCD Appliance auth bypass with no patch (bleepingcomputer.com) 

 
Chat With One of Our Experts



VMWare vulnerability Flash Notice VMware Critical Vulnerability VMware Cloud Director Blog