VMware has issued an urgent alert regarding a critical security vulnerability in its Cloud Director platform that remains unpatched, potentially allowing malicious actors to bypass authentication measures. This flaw, designated as CVE-2023-34060 and rated with a CVSS score of 9.8, specifically affects systems that have been upgraded to version 10.5 from an earlier release.
The vulnerability enables an attacker with network access to the VMware Cloud Director Appliance 10.5 to circumvent login restrictions when authenticating via SSH on port 22 or the appliance management console on port 5480. VMware clarified that this bypass is not applicable to connections on port 443, which is designated for provider and tenant logins. Notably, fresh installations of Cloud Director 10.5 do not exhibit this security issue.
According to VMware’s findings, the vulnerability stems from an affected version of the System Security Services Daemon (SSSD) integrated into the underlying Photon OS. This presents a significant risk, as such a flaw could be exploited to gain unauthorized access to sensitive systems.
Dustin Hartle of IT solutions firm Ideal Integrations has been credited with discovering and reporting this critical defect. VMware has yet to release a formal patch; in the meantime, it has provided a temporary workaround in the form of a shell script named “WA_CVE-2023-34060.sh.” This mitigation does not require any system downtime and is designed not to disrupt the existing functionality of Cloud Director installations.
This vulnerability comes shortly after VMware addressed another critical security issue in vCenter Server, identified as CVE-2023-34048, which also scored a 9.8 on the CVSS scale and had the potential for remote code execution.
Update
On November 30, 2023, VMware released security updates to mitigate CVE-2023-34060, now available in version 10.5.1 of the Cloud Director Appliance. VMware emphasized that only those deployments upgraded to 10.5 from a previous version are affected by this vulnerability, while fresh deployments remain unaffected.
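The conditions above (version 10.5 before 10.5.1, upgraded rather than freshly deployed, management ports 22 and 5480 reachable) can be turned into a triage pass over your own appliance inventory. This is an added example, not VMware's code and not the WA_CVE-2023-34060.sh workaround; the function names, the result labels and the sample inventory are assumptions made for illustration, and the "upgraded" flag is taken from your own deployment records.

```python
import socket

# Ports the advisory names as affected; 443 (provider/tenant login) is not.
MGMT_PORTS = (22, 5480)
AFFECTED_FROM = (10, 5, 0)
FIXED = (10, 5, 1)  # first release carrying the fix, per the update above


def parse_version(text):
    """Turn '10.5' or '10.5.0.22' into a 3-part tuple, padding with zeros."""
    parts = [int(p) for p in text.strip().split(".")[:3]]
    return tuple(parts + [0] * (3 - len(parts)))


def reachable_ports(host, ports=MGMT_PORTS, timeout=1.0):
    """Return the subset of ports that accept a TCP connection from here."""
    found = []
    for port in ports:
        try:
            with socket.create_connection((host, port), timeout=timeout):
                found.append(port)
        except OSError:
            pass  # closed, filtered or timed out
    return found


def triage(version, upgraded, open_ports):
    """Classify one appliance using the conditions stated in the article."""
    v = parse_version(version)
    if not (AFFECTED_FROM <= v < FIXED):
        return "not-affected-version"
    if not upgraded:
        return "not-affected-fresh-deploy"
    if open_ports:
        return "affected-exposed"
    return "affected-not-reachable"


if __name__ == "__main__":
    # Constructed inventory: (host, version, upgraded-from-older-release)
    inventory = [("127.0.0.1", "10.5", True), ("127.0.0.1", "10.5.1", True)]
    for host, version, upgraded in inventory:
        ports = reachable_ports(host, timeout=0.3)
        print(host, version, triage(version, upgraded, ports), ports)
```

Run it from the network segment you are worried about, since reachability depends on where the check originates. The triage does not know whether the workaround script has already been applied, so track that separately.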
The implications of this situation are significant for business owners relying on VMware’s solutions. With the potential for malicious actors to exploit authentication bypass methods, organizations must prioritize securing their environments and exploring the relevant mitigation strategies. This vulnerability could fall under the “Initial Access” and “Privilege Escalation” tactics outlined in the MITRE ATT&CK framework, highlighting the critical need for vigilance and proactive security measures.
As the cybersecurity landscape continues to evolve, staying informed about vulnerabilities like CVE-2023-34060 is essential for any technology-focused business. Engaging with security advisories and implementing recommended actions can help mitigate risks associated with these emerging threats.