Dustin Hartle from Ideal Integrations Inc. has discovered an authentication bypass vulnerability in VMware Cloud Director Appliance (VCD Appliance). CVE-2023-34060 is given critical severity with a CVSS score of 9.8. Successful exploitation of the vulnerability may allow an attacker to bypass login restrictions when authenticating.
VMware Cloud Director is among the leading cloud service delivery platforms allowing users to operate and manage cloud service business. The platform delivers secure, efficient, and elastic cloud resources worldwide to thousands of enterprises and IT teams.
Vulnerability Details
An attacker must have network access to the appliance to exploit the vulnerability. The vulnerability is exploitable on port 22 (SSH) or port 5480 (appliance management console). The flaw is not present in port 443 (VCD provider and tenant login). The bypass is not in the new VMware Cloud Director Appliance 10.5 installations.
Affected Version
The vulnerability affects VMware Cloud Director version 10.5 if upgraded from 10.4.x or below.
Note: The vulnerability does not affect the new deployments of 10.5.
Mitigation
VMware has not released patches yet to address the vulnerability. For more information, please refer to VMware Security Advisory (VMSA-2023-0026).
The workaround can be found at KB95534.
Qualys Detection
Qualys customers can scan their devices with QID 379029 to detect vulnerable assets.
Please continue to follow Qualys Threat Protection for more coverage of the latest vulnerabilities.
References
https://kb.vmware.com/s/article/95534
https://www.vmware.com/security/advisories/VMSA-2023-0026.html