VMware discloses critical VCD Appliance auth bypass with no patch

14-Nov-23

A significant, unpatched authentication bypass issue impacting Cloud Director appliance deployments was revealed by VMware.


VMware administrators may oversee cloud services within Virtual Data Centers (VDCs) by using Cloud Director.


Only appliances running VCD Appliance 10.5 that were previously updated from an earlier edition are vulnerable to the auth bypass security issue. Additionally, the business stated that fresh installations of VCD Appliance 10.5 and Linux deployments, along with other appliances, are unaffected by CVE-2023-34060.“When authenticating on port 22 (ssh) or port 5480 on an upgraded version of VMware Cloud Director Appliance 10.5, a malicious actor with network access to the appliance can circumvent login restrictions.”


Read More…