Critical
VMSA-2023-0026
9.8
2023-11-14
2023-11-14 (Initial Advisory)
CVE-2023-34060
VMware Cloud Director Appliance contains an authentication bypass vulnerability (CVE-2023-34060).
1. Impacted Products
VMware Cloud Director Appliance (VCD Appliance)
2. Introduction
An authentication bypass vulnerability in VMware Cloud Director Appliance was privately reported to VMware. Updates are available to remediate this vulnerability in the affected VMware product.
3. Authentication Bypass Vulnerability (CVE-2023-34060)
Description
VMware Cloud Director Appliance contains an authentication bypass vulnerability in case VMware Cloud Director Appliance was upgraded to 10.5 from
an older version. VMware has evaluated the severity of this issue to be in the Critical severity range with a maximum CVSSv3 base score of 9.8.
Known Attack Vectors
On an upgraded version of VMware Cloud Director Appliance 10.5, a malicious actor with network access to the appliance can bypass login
restrictions when authenticating on port 22 (ssh) or port 5480 (appliance management console). This bypass is not present on port 443 (VCD provider
and tenant login). On a new installation of VMware Cloud Director Appliance 10.5, the bypass is not present.
Resolution
To remediate CVE-2023-34060 follow the guidance mentioned in KB95534 in the ‘Fixed Version’ column of the ‘Response Matrix’ found below.
Workarounds
None.
Additional Documentation
None.
Notes
Only deployments that have upgraded to 10.5 from an older release are impacted by CVE-2023-34060. New deployments of 10.5 are not impacted by CVE-2023-34060.
VMware Cloud Director Appliance is impacted since it uses a version of sssd from the underlying Photon OS that is affected by CVE-2023-34060: https://github.com/vmware/photon/wiki/security-advisory-CVE-2023-34060
VMware has determined other appliances to not be impacted by this vulnerability.
Acknowledgements
VMware would like to thank Dustin Hartle from Ideal Integrations Inc for reporting this issue to us.
Response Matrix
Product | Version | Running On | CVE Identifier | CVSSv3 | Severity | Fixed Version | Workarounds | Additional Documentation |
VMware Cloud Director Appliance | 10.5 if upgraded from 10.4.x or below. | Photon OS | CVE-2023-34060 | critical
| N/A | None | ||
VMware Cloud Director Appliance | 10.5 new install | Photon OS | CVE-2023-34060 | N/A | N/A | Unaffected | N/A | None |
VMware Cloud Director Appliance | 10.4.x and Below | Photon OS | CVE-2023-34060 | N/A | N/A | Unaffected | N/A | None |
4. References
Fixed Version(s) and Release Notes:
Photon Security Advisory: https://github.com/vmware/photon/wiki/security-advisory-CVE-2023-34060
Mitre CVE Dictionary Links:
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-34060
FIRST CVSSv3 Calculator:
CVE-2023-34060: https://www.first.org/cvss/calculator/3.1#CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
5. Change Log
2023-11-14 VMSA-2023-0026
Initial security advisory.
6. Contact
E-mail: security@vmware.com
PGP key at:
https://kb.vmware.com/kb/1055
VMware Security Advisories
https://www.vmware.com/security/advisories
VMware Security Response Policy
https://www.vmware.com/support/policies/security_response.html
VMware Lifecycle Support Phases
https://www.vmware.com/support/policies/lifecycle.html
VMware Security & Compliance Blog
https://blogs.vmware.com/security
Twitter
https://twitter.com/VMwareSRC
Copyright 2023 VMware Inc. All rights reserved.
Read full article (vmware.com)
All content and images belong to their respected owners, this article is curated for informational purposes only.