Alert

Alert 2023-08 – VMware VDC Appliances Vulnerable to Authentication Skipping

VMware has reported a critical vulnerability in VMware Cloud Director Appliance (VCD appliance), tracked as CVE-2023-34060 and rated critical with a CVSSv3 score of 9.8. It affects the sssd component of Photon OS™.

On a VMware Cloud Director Appliance 10.5 deployment that was upgraded from a previous version, a malicious actor with network access to the appliance can bypass login restrictions when authenticating on port 22 (ssh) or port 5480 (appliance management console).

This bypass is not present on port 443 (VCD provider and tenant login). On a fresh installation of VMware Cloud Director Appliance version 10.5, the vulnerability is not present.
