#VU83073 Improper Authentication in VMware Cloud Director - CVE-2023-34060
Published: November 14, 2023 / Updated: October 25, 2024
Vulnerability identifier: #VU83073
Vulnerability risk: High
CVSSv4.0: CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:P/U:Amber
CVE-ID: CVE-2023-34060
CWE-ID: CWE-287
Exploitation vector: Remote access
Exploit availability:
Public exploit is available
Vulnerable software:
VMware Cloud Director
VMware Cloud Director
Software vendor:
VMware, Inc
VMware, Inc
Description
The vulnerability allows a remote attacker to bypass authentication process.
The vulnerability exists due to an unspecified error that occurred after upgrading from previous versions to version 10.5.0. A remote attacker can bypass login restrictions when authenticating on port 22 (ssh) or port 5480 (appliance management console) and gain unauthorized access to the appliance.
Note, the vulnerability is present only in case VMware Cloud Director Appliance was upgraded to 10.5 from an older version.
Remediation
Install updates from vendor's website.