VMware Security Update – 03 December 2023

VMware has released a security update to address a critical vulnerability in the VMware Cloud Director Appliance (VCD Appliance).

The vulnerability could allow a remote attacker to bypass login restrictions when authenticating on port 22 (SSH) or port 5480 (appliance management console) of the affected system.

VMware Cloud Director Appliance Security Bypass (CVE-2023-34060):

  • CVSS: 9.8
  • Attack Vector: Network
  • Attack Complexity: Low
  • Privileges Required: None
  • User Interaction: None
  • Consequences: Bypass Security

Note that the vulnerability is present only when VMware Cloud Director Appliance was upgraded to 10.5 from an older version; in a new installation of VMware Cloud Director Appliance 10.5, the bypass is not present.

Vulnerabilities

CVE-2023-34060

Mitigations

Enterprises should deploy this patch as soon as the testing phase is completed.

VMware Security Advisory

References