
VMware Cloud Director Appliance version 10.5 has been vulnerable to attacks for two weeks because of a critical authentication bypass vulnerability. VMware has finally released a patch and workaround.

Two weeks ago, the critical vulnerability CVE-2023-34060 was discovered in the VMware Cloud Director Appliance, the VMware platform that allows multi-site datacenters to be managed as Virtual Data Centers (VDCs). This vulnerability allows hackers to bypass required authentication to penetrate networks remotely.

Only upgraded versions of VDC Appliance 10.5

More specifically, the critical vulnerability only affects appliances with an upgraded version of VMware Cloud Director Appliance 10.5 (VDC Appliance 10.5). Hackers with network access to this appliance can bypass login restrictions when authenticating on port 22 (SSH) or port 5480 (the appliance management console).

According to VMware, this bypass capability is not active on port 443 (the VDC provider and user login).

Additionally, the vulnerability affects only VDC Appliance 10.5 installations that were upgraded from older releases. Fresh installs are unaffected by the vulnerability, as are Linux-based appliances and other appliances.

Patch and workaround

VMware has since addressed the vulnerability and presented a patch and workaround. The workaround allows administrators who do not yet want to or cannot install the patch to fix the problem.

The workaround only works for affected versions of VDC Appliance 10.5 and requires downloading a custom script. This script must then be run on the cells vulnerable to CVE-2023-34060.

Furthermore, the workaround does not cause functional service interruptions. There is also no downtime because no restarts or reboots are required.
