VMSA-2023-0026:VMware Cloud Director Appliance contains an authentication bypass vulnerability
23679
28 November 2023
13 November 2023
CLOSED
CRITICAL
9.8
CVE-2023-34060
1. Impacted Products
VMware Cloud Director Appliance (VCD Appliance)
2. Introduction
An authentication bypass vulnerability in VMware Cloud Director Appliance was privately reported to VMware. Updates are available to remediate this vulnerability in the affected VMware product.
3. Authentication Bypass Vulnerability (CVE-2023-34060)
Description
VMware Cloud Director Appliance contains an authentication bypass vulnerability in case VMware Cloud Director Appliance was upgraded to 10.5 from
an older version. VMware has evaluated the severity of this issue to be in the Critical severity range with a maximum CVSSv3 base score of 9.8.
Known Attack Vectors
On an upgraded version of VMware Cloud Director Appliance 10.5, a malicious actor with network access to the appliance can bypass login
restrictions when authenticating on port 22 (ssh) or port 5480 (appliance management console). This bypass is not present on port 443 (VCD provider
and tenant login). On a new installation of VMware Cloud Director Appliance 10.5, the bypass is not present.
Resolution
To remediate CVE-2023-34060 on an upgraded version of VMware Cloud Director Appliance 10.5 one of two routes can be taken:
- Upgrade to VMware Cloud Director Appliance 10.5.1 from VMware Cloud Director Appliance 10.5
- Follow the workaround guidance mentioned in KB95534
Workarounds
None.
Additional Documentation
None.
Notes
Only deployments that have upgraded to 10.5 from an older release are impacted by CVE-2023-34060. New deployments of 10.5 are not impacted by CVE-2023-34060.
VMware Cloud Director Appliance is impacted since it uses a version of sssd from the underlying Photon OS that is affected by CVE-2023-34060: https://github.com/vmware/photon/wiki/security-advisory-CVE-2023-34060
VMware has determined other appliances to not be impacted by this vulnerability.
Acknowledgements
VMware would like to thank Dustin Hartle from Ideal Integrations Inc for reporting this issue to us.
Response Matrix
| Product | Version | Running On | CVE Identifier | CVSSv3 | Severity | Fixed Version | Workarounds | Additional Documentation |
| VMware Cloud Director Appliance | 10.5.1 if upgraded from 10.5 or below. | Photon OS | CVE-2023-34060 | N/A | N/A | Unaffected | N/A | N/A |
| VMware Cloud Director Appliance | 10.5 if upgraded from 10.4.x or below. | Photon OS | CVE-2023-34060 | critical | Upgrade 10.5 to 10.5.1 or follow KB95534 | N/A | None | |
| VMware Cloud Director Appliance | 10.5.x new install | Photon OS | CVE-2023-34060 | N/A | N/A | Unaffected | N/A | None |
| VMware Cloud Director Appliance | 10.4.x and Below | Photon OS | CVE-2023-34060 | N/A | N/A | Unaffected | N/A | None |
4. References
Fixed Version(s) and Release Notes:
VMware Cloud Director 10.5.1 Release Notes
Downloads and Documentation
Workaround Guidance: KB95534
Photon Security Advisory: https://github.com/vmware/photon/wiki/security-advisory-CVE-2023-34060
Mitre CVE Dictionary Links:
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-34060
FIRST CVSSv3 Calculator:
CVE-2023-34060: https://www.first.org/cvss/calculator/3.1#CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
5. Change Log
2023-11-14 VMSA-2023-0026
Initial security advisory.
2023-11-30 VMSA-2023-0026.1
Updates to security advisory after release of VMware Cloud Director Appliance 10.5.1 on 2023-11-30.
6. Contact
E-mail: [email protected]
PGP key at:
https://kb.vmware.com/kb/1055
VMware Security Advisories
https://www.vmware.com/security/advisories
VMware Security Response Policy
https://www.vmware.com/support/policies/security_response.html
VMware Lifecycle Support Phases
https://www.vmware.com/support/policies/lifecycle.html
VMware Security & Compliance Blog
https://blogs.vmware.com/security
Twitter
https://twitter.com/VMwareSRC
Copyright 2023 VMware Inc. All rights reserved.