VMSA-2023-0026

VMware Security Advisory

Critical

Advisory ID:
VMSA-2023-0026

CVSSv3 Range:
9.8

Issue Date:
2023-11-14

Updated On:
2023-11-14 (Initial Advisory)

CVE(s):
CVE-2023-34060

Synopsis:
VMware Cloud Director Appliance contains an authentication bypass vulnerability (CVE-2023-34060).

1. Impacted Products

VMware Cloud Director Appliance (VCD Appliance)

2. Introduction

An authentication bypass vulnerability in VMware Cloud Director Appliance was privately reported to VMware. Updates are available to remediate this vulnerability in the affected VMware product.

3. Authentication Bypass Vulnerability (CVE-2023-34060)

Description

VMware Cloud Director Appliance contains an authentication bypass vulnerability in case VMware Cloud Director Appliance was upgraded to 10.5 from an older version. VMware has evaluated the severity of this issue to be in the Critical severity range with a maximum CVSSv3 base score of 9.8.

Known Attack Vectors

On an upgraded version of VMware Cloud Director Appliance 10.5, a malicious actor with network access to the appliance can bypass login restrictions when authenticating on port 22 (ssh) or port 5480 (appliance management console). This bypass is not present on port 443 (VCD provider and tenant login). On a new installation of VMware Cloud Director Appliance 10.5, the bypass is not present.

Resolution

To remediate CVE-2023-34060 follow the guidance mentioned in KB95534 in the ‘Fixed Version’ column of the ‘Response Matrix’ found below.  

Workarounds

None.

Additional Documentation

None.

Notes

Only deployments that have upgraded to 10.5 from an older release are impacted by CVE-2023-34060. New deployments of 10.5 are not impacted by CVE-2023-34060. 
VMware Cloud Director Appliance is impacted since it uses a version of sssd from the underlying Photon OS that is affected by CVE-2023-34060: https://github.com/vmware/photon/wiki/security-advisory-CVE-2023-34060
VMware has determined other appliances to not be impacted by this vulnerability. 

Acknowledgements

VMware would like to thank Dustin Hartle from Ideal Integrations Inc for reporting this issue to us.

Response Matrix

Product
Version
Running On
CVE Identifier
CVSSv3
Severity
Fixed Version
Workarounds
Additional Documentation

VMware Cloud Director Appliance

10.5 if upgraded from 10.4.x or below.

Photon OS

CVE-2023-34060

9.8

critical

KB95534

N/A

None

VMware Cloud Director Appliance

10.5 new install

Photon OS

CVE-2023-34060

N/A

N/A

Unaffected

N/A

None

VMware Cloud Director Appliance

10.4.x and Below

Photon OS

CVE-2023-34060

N/A

N/A

Unaffected

N/A

None

4. References

Fixed Version(s) and Release Notes:
KB95534
Photon Security Advisory: https://github.com/vmware/photon/wiki/security-advisory-CVE-2023-34060
Mitre CVE Dictionary Links:
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-34060
FIRST CVSSv3 Calculator: CVE-2023-34060: https://www.first.org/cvss/calculator/3.1#CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

5. Change Log

2023-11-14 VMSA-2023-0026 Initial security advisory.

6. Contact

E-mail: security@vmware.com
PGP key at:  https://kb.vmware.com/kb/1055 
VMware Security Advisories https://www.vmware.com/security/advisories 
VMware Security Response Policy https://www.vmware.com/support/policies/security_response.html 
VMware Lifecycle Support Phases https://www.vmware.com/support/policies/lifecycle.html 
VMware Security & Compliance Blog   https://blogs.vmware.com/security 
Twitter https://twitter.com/VMwareSRC
Copyright 2023 VMware Inc. All rights reserved.

CLICK FOR MORE INFORMATION