VMware is warning of a critical and unpatched security flaw in Cloud Director that could be exploited by a malicious actor to get around authentication protections.
Tracked as CVE-2023-34060 (CVSS score: 9.8), the vulnerability impacts instances that have been upgraded to version 10.5 from an older version.
"On an upgraded version of VMware Cloud Director Appliance 10.5, a malicious actor with network access to the appliance can bypass login restrictions when authenticating on port 22 (ssh) or port 5480 (appliance management console)," the company said in an alert.
"This bypass is not present on port 443 (VCD provider and tenant login). On a new installation of VMware Cloud Director Appliance 10.5, the bypass is not present."
The virtualization services company further noted that the impact is due to the fact that it utilizes a version of sssd from the underlying Photon OS that is affected by CVE-2023-34060.
Dustin Hartle from IT solutions provider Ideal Integrations has been credited with discovering and reporting the shortcomings.
While VMware has yet to release a fix for the problem, it has provided a workaround in the form of a shell script ("WA_CVE-2023-34060.sh").
It also emphasized implementing the temporary mitigation will neither require downtime nor have a side-effect on the functionality of Cloud Director installations.
The development comes weeks after VMware released patches for another critical flaw in the vCenter Server (CVE-2023-34048, CVSS score: 9.8) that could result in remote code execution on affected systems.
Update
VMware, on November 30, 2023, released security fixes to address CVE-2023-34060. The updates are available in version VMware Cloud Director Appliance 10.5.1.
"Only deployments that have upgraded to 10.5 from an older release are impacted by CVE-2023-34060," the company emphasized in an updated advisory. "New deployments of 10.5 are not impacted by CVE-2023-34060."
