VMware has fixed a critical-severity authentication bypass flaw in its cloud service delivery platform, two weeks after the vulnerability was first disclosed on Nov. 14.
The flaw (CVE-2023-34060) exists in VMware Cloud Director Appliance version 10.5 (if the deployment has been upgraded to 10.5 from an older release), and as of Nov. 30 the fix is available via version 10.5.1. Other Cloud Director Appliance versions (including new installations of 10.5 or 10.4 and below) are not impacted.
“On an upgraded version of VMware Cloud Director Appliance 10.5, a malicious actor with network access to the appliance can bypass login restrictions when authenticating on port 22 (ssh) or port 5480 (appliance management console),” according to VMware’s security advisory. “This bypass is not present on port 443 (VCD provider and tenant login). On a new installation of VMware Cloud Director Appliance 10.5, the bypass is not present.”
According to VMware, the bug stems from a version of sssd in the underlying Photon OS used by Cloud Director Appliance. A workaround has been available for the flaw over the past two weeks; however, now that a fix has been deployed VMware recommends that security administrators apply the update.
VMware has issued patches for several other bugs earlier this year, including an authentication bypass flaw (CVE-2023-34039) in its Aria Operations for Networks (formerly vRealize Network Insight) tool, which stemmed from a lack of unique cryptographic key generation.
Recently, in October, meanwhile, the company released patches for a critical-severity vulnerability in its centralized management utility, vCenter Server, which could enable remote code execution attacks.