Critical Vulnerability in VMware Cloud Director Appliance

Published on 15 Nov 2023

4 Dec 2023 Update

VMware has released VMware Cloud Director Appliance 10.5.1 to address CVE-2023-34060.

Users and administrators of affected product versions are advised to upgrade to the latest version immediately.

More information is available here:
https://www.vmware.com/security/advisories/VMSA-2023-0026.html

*****

VMware has released security updates to address a critical vulnerability (CVE-2023-34060) in its VMware Cloud Director Appliance (VCD Appliance). The vulnerability has a Common Vulnerability Scoring System (CVSSv3) score of 9.8 out of 10.

Successful exploitation of the vulnerability could allow an unauthenticated attacker with network access to the appliance to bypass login restrictions when authenticating on port 22 (SSH) or port 5480 (appliance management console).

The vulnerability only affects deployments that have been upgraded to version 10.5 from an older release.

Users may manually verify whether the Cell is exposed to the vulnerability by running the following command:

    egrep 'unknown|sufficient|use_first_pass|optional pam_sss' /etc/pam.d/system*

Any output from the previous command is an indication that the deployment is vulnerable. Users of vulnerable deployments are advised to apply the following temporary mitigation measures as a patch is not yet available:

  1. SSH to Primary Cell within the Server Group
  2. Download the WA_CVE-2023-34060.sh script to the /opt/vmware/vcloud-director/data/transfer/ directory
  3. Modify the permissions of the file to allow execution
    1. chown root:vcloud /opt/vmware/vcloud-director/data/transfer/WA_CVE-2023-34060.sh
    2. chmod 740 /opt/vmware/vcloud-director/data/transfer/WA_CVE-2023-34060.sh
  4. Navigate to the Transfer directory of the Cell
    1. cd /opt/vmware/vcloud-director/data/transfer/
  5. Execute the script
    1. ./WA_CVE-2023-34060.sh
  6. Repeat Step 4 and Step 5 above on all remaining Cells within the Server Group
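
The manual check described above, wrapped as a shell function so that its result on each Cell comes back as a distinct exit status. This is an added example, not part of the advisory or of VMware's workaround script; the function name check_pam_dir, its directory argument and the exit codes are assumptions, and grep -E stands in for egrep.

```shell
#!/bin/sh
# Added example: wraps the advisory's egrep check for CVE-2023-34060.
# The pattern and the system* file glob are the ones given in the advisory;
# the function name, directory argument and exit codes are assumptions.

PAM_PATTERN='unknown|sufficient|use_first_pass|optional pam_sss'

# check_pam_dir [DIR]
#   0 = at least one matching line (advisory: deployment is vulnerable)
#   1 = files were read and no line matched
#   2 = check could not be performed (no system* files, or unreadable file)
check_pam_dir() {
    dir=${1:-/etc/pam.d}
    found=1
    checked=0
    for f in "$dir"/system*; do
        # An unmatched glob stays literal; skip it rather than report "clean".
        [ -f "$f" ] || continue
        if [ ! -r "$f" ]; then
            echo "ERROR: cannot read $f (run as root)" >&2
            return 2
        fi
        checked=$((checked + 1))
        # -H -n prints the file name and line number of every matching line.
        # grep -E is equivalent to the egrep used in the advisory.
        if grep -EHn -- "$PAM_PATTERN" "$f"; then
            found=0
        fi
    done
    if [ "$checked" -eq 0 ]; then
        echo "ERROR: no system* files under $dir" >&2
        return 2
    fi
    return "$found"
}
```

Calling check_pam_dir with no argument on a Cell checks /etc/pam.d; exit status 2 means the check did not run and must not be read as "no output, not vulnerable".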

Users and administrators of affected product versions are advised to monitor the VMware website for updates and upgrade to the latest version immediately when available.

More information is available here:
https://www.bleepingcomputer.com/news/security/vmware-discloses-critical-vcd-appliance-auth-bypass-with-no-patch/
https://www.securityweek.com/critical-authentication-bypass-flaw-in-vmware-cloud-director-appliance/
https://kb.vmware.com/s/article/95534