VMware fixes critical Cloud Director auth bypass unpatched for 2 weeks

VMware fixes critical Cloud Director auth bypass unpatched for 2 weeks

December 1, 2023 at 01:04PM

VMware fixed a critical authentication bypass vulnerability in upgraded Cloud Director appliance 10.5, which allowed remote attackers to exploit it without user interaction. The issue, identified as CVE-2023-34060, did not affect fresh installations, Linux deployments, or other appliances. VMware also provided a workaround script for immediate protection, ensuring no service disruptions.

Meeting Summary:

**Critical Security Vulnerability Fixed by VMware**

1. **Issue Addressed**: VMware patched a critical authentication bypass vulnerability in Cloud Director appliance deployments, identified as CVE-2023-34060. The vulnerability was initially disclosed on November 14th but remained unpatched for over two weeks.

2. **Affected Systems**: The vulnerability impacted Cloud Director (VCD) Appliance version 10.5 that had been upgraded from a previous release. It did not affect fresh installs of VCD Appliance 10.5, Linux deployments, and other appliances.

3. **Vulnerability Impact**: The CVE-2023-34060 security flaw allowed remote attackers to exploit the bug with low complexity and without requiring user interaction. The bypass affected authentication on port 22 (SSH) and port 5480 (appliance management console), but not on port 443 (VCD provider and tenant login).

4. **Workaround Provided**: VMware released a temporary workaround for VCD Appliance version 10.5.0 that does not disrupt functionality or require service restarts or reboots. This includes a custom script to address the vulnerability.

5. **Security Advisory**: VMware published VMware Security Advisory VMSA-2023-0026 to guide customers on understanding the issue and the necessary upgrade path for resolution.

6. **Previous Incidents**: In June, VMware patched another severe vulnerability, CVE-2023-20867, exploited by hackers for data theft. Another recent fix was released in October for a critical vCenter Server flaw, CVE-2023-34048, which could lead to remote code execution attacks.

**Action Items**:

– Review and apply the security patch released by VMware for affected systems to address CVE-2023-34060.
– If immediate patching is not feasible, implement the provided temporary workaround.
– Ensure that all recent security advisories released by VMware are evaluated and addressed within the IT infrastructure to prevent exploitation.
– Monitor any security communications from VMware for updates on potential vulnerabilities and fixes.

**Key Reminder**: Always verify that all systems are on supported and patched versions, especially after disclosures of critical vulnerabilities.

Full Article