Improper Authentication in VMware Cloud Director - CVE-2023-34060
Published: November 14, 2023 / Updated: October 25, 2024
Vulnerability identifier: #VU83073
CSH Severity: High
CVSS v4.0: CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:P/U:Amber
CVE-ID: CVE-2023-34060
CWE-ID: CWE-287
Exploitation vector: Remote access
Exploit availability:
Public exploit is available
Vendor: VMware, Inc
Affected software:
VMware Cloud Director
VMware Cloud Director
Detailed vulnerability description
The vulnerability allows a remote attacker to bypass authentication process.
The vulnerability exists due to an unspecified error that occurred after upgrading from previous versions to version 10.5.0. A remote attacker can bypass login restrictions when authenticating on port 22 (ssh) or port 5480 (appliance management console) and gain unauthorized access to the appliance.
Note, the vulnerability is present only in case VMware Cloud Director Appliance was upgraded to 10.5 from an older version.
How to mitigate CVE-2023-34060
Install updates from vendor's website.