
    Unpatched Critical Vulnerability in VMware Cloud Director Raises Concerns

    VMware has warned of a critical, unpatched security flaw in Cloud Director, designated CVE-2023-34060 (CVSS score: 9.8). This flaw affects instances upgraded to version 10.5 from an earlier version. Malicious actors with network access can exploit this vulnerability to bypass login restrictions when authenticating over SSH or on the appliance management console port.

    VMware clarifies that “this bypass does not occur on port 443 (VCD provider and tenant login).” The problem stems from a vulnerable version of sssd in the underlying Photon OS, linked to CVE-2023-34060.

    Dustin Hartle from IT solutions provider Ideal Integrations discovered and reported the issue. VMware has not yet fixed the flaw but offers a shell script workaround, “WA_CVE-2023-34060.sh.” Implementing this script won’t cause downtime or affect Cloud Director’s functionality.

    This news follows VMware’s recent patch release for another critical vulnerability, CVE-2023-34048 (CVSS score: 9.8). This flaw in the vCenter Server could enable remote code execution on affected systems.
