VMSA-2023-0026:VMware Cloud Director Appliance contains an authentication bypass vulnerability

VMware Tanzu Application Service

0 more products

23679

28 November 2023

13 November 2023

CLOSED

CRITICAL

9.8

CVE-2023-34060

VMSA-2023-0026.1
9.8
2023-11-14
2023-11-30
CVE-2023-34060
VMware Cloud Director Appliance contains an authentication bypass vulnerability (CVE-2023-34060).
1. Impacted Products
  • VMware Cloud Director Appliance (VCD Appliance)

2. Introduction

An authentication bypass vulnerability in VMware Cloud Director Appliance was privately reported to VMware. Updates are available to remediate this vulnerability in the affected VMware product.

3. Authentication Bypass Vulnerability (CVE-2023-34060)

Description

VMware Cloud Director Appliance contains an authentication bypass vulnerability in case VMware Cloud Director Appliance was upgraded to 10.5 from
an older version. VMware has evaluated the severity of this issue to be in the Critical severity range with a maximum CVSSv3 base score of 9.8.

Known Attack Vectors

On an upgraded version of VMware Cloud Director Appliance 10.5, a malicious actor with network access to the appliance can bypass login
restrictions when authenticating on port 22 (ssh) or port 5480 (appliance management console). This bypass is not present on port 443 (VCD provider
and tenant login). On a new installation of VMware Cloud Director Appliance 10.5, the bypass is not present.

Resolution

To remediate CVE-2023-34060 on an upgraded version of VMware Cloud Director Appliance 10.5 one of two routes can be taken: 

  1. Upgrade to VMware Cloud Director Appliance 10.5.1 from VMware Cloud Director Appliance 10.5
  2. Follow the workaround guidance mentioned in KB95534  

Workarounds

None.

Additional Documentation

None.

Notes

Only deployments that have upgraded to 10.5 from an older release are impacted by CVE-2023-34060. New deployments of 10.5 are not impacted by CVE-2023-34060. 

VMware Cloud Director Appliance is impacted since it uses a version of sssd from the underlying Photon OS that is affected by CVE-2023-34060: https://github.com/vmware/photon/wiki/security-advisory-CVE-2023-34060

VMware has determined other appliances to not be impacted by this vulnerability. 

Acknowledgements

VMware would like to thank Dustin Hartle from Ideal Integrations Inc for reporting this issue to us.

Response Matrix

Product Version Running On CVE Identifier CVSSv3 Severity Fixed Version Workarounds Additional Documentation
VMware Cloud Director Appliance
10.5.1 if upgraded from 10.5 or below.
Photon OS
CVE-2023-34060
N/A
N/A
Unaffected
N/A
N/A
VMware Cloud Director Appliance
10.5 if upgraded from 10.4.x or below.
Photon OS
CVE-2023-34060
critical
Upgrade 10.5 to 10.5.1 or follow KB95534
N/A
None
VMware Cloud Director Appliance
10.5.x new install
Photon OS
CVE-2023-34060
N/A
N/A
Unaffected
N/A
None
VMware Cloud Director Appliance
10.4.x and Below
Photon OS
CVE-2023-34060
N/A
N/A
Unaffected
N/A
None
4. References
5. Change Log

2023-11-14 VMSA-2023-0026
Initial security advisory.

2023-11-30 VMSA-2023-0026.1
Updates to security advisory after release of VMware Cloud Director Appliance 10.5.1 on 2023-11-30.

6. Contact

E-mail: [email protected]

PGP key at: 
https://kb.vmware.com/kb/1055 

VMware Security Advisories
https://www.vmware.com/security/advisories 

VMware Security Response Policy
https://www.vmware.com/support/policies/security_response.html 

VMware Lifecycle Support Phases
https://www.vmware.com/support/policies/lifecycle.html 

VMware Security & Compliance Blog  
https://blogs.vmware.com/security 

Twitter
https://twitter.com/VMwareSRC

Copyright 2023 VMware Inc. All rights reserved.