VMware has disclosed a critical security vulnerability affecting its Cloud Director (VCD) software, which could allow attackers to bypass authentication on vulnerable systems. Tracked as CVE-2023-34060 and rated with a CVSS score of 9.8, the flaw impacts VCD-Appliances that have been upgraded from an older version to Version 10.5. However, newly installed Version 10.5 appliances are reportedly not vulnerable to this exploit.
The vulnerability allows malicious actors with network access to bypass login restrictions on Port 22 (SSH) and Port 5480 (Appliance Management Console) but not on Port 443, used for provider and tenant login. VMware emphasizes that this vulnerability arises due to the usage of an affected version of sssd from the underlying Photon OS.
Although VMware has yet to release a patch for CVE-2023-34060, it has provided a workaround in the form of a shell script (“WA_CVE-2023-34060.sh”), allowing administrators to mitigate the issue temporarily. This workaround does not disrupt the functionality of Cloud Director installations and does not require any downtime or system restart.
The company advises administrators to manually intervene until a patch becomes available. They can utilize provided scripts to check for vulnerability and apply the workaround if necessary. It’s worth noting that Dustin Hartle from Ideal Integrations discovered and reported the vulnerability.
This disclosure comes in the wake of recent security concerns surrounding VMware, including the patching of critical flaws in vCenter Server (CVE-2023-34048) and ESXi, the latter of which was exploited by cybercriminals for ransomware attacks on various organizations.