===================================================================== CERT-Renater Note d'Information No. 2023/VULN471 _____________________________________________________________________ DATE : 15/11/2023 HARDWARE PLATFORM(S): / OPERATING SYSTEM(S): Systems running VMware Cloud Director Appliance. ===================================================================== https://www.vmware.com/security/advisories/VMSA-2023-0026.html _____________________________________________________________________ Critical Advisory ID: VMSA-2023-0026 CVSSv3 Range: 9.8 Issue Date: 2023-11-14 Updated On: 2023-11-14 (Initial Advisory) CVE(s): CVE-2023-34060 Synopsis: VMware Cloud Director Appliance contains an authentication bypass vulnerability (CVE-2023-34060). 1. Impacted Products VMware Cloud Director Appliance (VCD Appliance) 2. Introduction An authentication bypass vulnerability in VMware Cloud Director Appliance was privately reported to VMware. Updates are available to remediate this vulnerability in the affected VMware product. 3. Authentication Bypass Vulnerability (CVE-2023-34060) Description VMware Cloud Director Appliance contains an authentication bypass vulnerability in case VMware Cloud Director Appliance was upgraded to 10.5 from an older version. VMware has evaluated the severity of this issue to be in the Critical severity range with a maximum CVSSv3 base score of 9.8. Known Attack Vectors On an upgraded version of VMware Cloud Director Appliance 10.5, a malicious actor with network access to the appliance can bypass login restrictions when authenticating on port 22 (ssh) or port 5480 (appliance management console). This bypass is not present on port 443 (VCD provider and tenant login). On a new installation of VMware Cloud Director Appliance 10.5, the bypass is not present. Resolution To remediate CVE-2023-34060 follow the guidance mentioned in KB95534 in the 'Fixed Version' column of the 'Response Matrix' found below. Workarounds None. Additional Documentation None. Notes Only deployments that have upgraded to 10.5 from an older release are impacted by CVE-2023-34060. New deployments of 10.5 are not impacted by CVE-2023-34060. VMware Cloud Director Appliance is impacted since it uses a version of sssd from the underlying Photon OS that is affected by CVE-2023-34060: https://github.com/vmware/photon/wiki/security-advisory-CVE-2023-34060 VMware has determined other appliances to not be impacted by this vulnerability. Acknowledgements VMware would like to thank Dustin Hartle from Ideal Integrations Inc for reporting this issue to us. Response Matrix Product Version Running On CVE Identifier CVSSv3 Severity Fixed Version Workarounds Additional Documentation VMware Cloud Director Appliance 10.5 if upgraded from 10.4.x or below. Photon OS CVE-2023-34060 9.8 critical KB95534 N/A None VMware Cloud Director Appliance 10.5 new install Photon OS CVE-2023-34060 N/A N/A Unaffected N/A None VMware Cloud Director Appliance 10.4.x and Below Photon OS CVE-2023-34060 N/A N/A Unaffected N/A None 4. References Fixed Version(s) and Release Notes: KB95534 Photon Security Advisory: https://github.com/vmware/photon/wiki/security-advisory-CVE-2023-34060 Mitre CVE Dictionary Links: https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-34060 FIRST CVSSv3 Calculator: CVE-2023-34060: https://www.first.org/cvss/calculator/3.1#CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H 5. Change Log 2023-11-14 VMSA-2023-0026 Initial security advisory. 6. Contact E-mail: security@vmware.com PGP key at: https://kb.vmware.com/kb/1055 VMware Security Advisories https://www.vmware.com/security/advisories VMware Security Response Policy https://www.vmware.com/support/policies/security_response.html VMware Lifecycle Support Phases https://www.vmware.com/support/policies/lifecycle.html VMware Security & Compliance Blog https://blogs.vmware.com/security Twitter https://twitter.com/VMwareSRC Copyright 2023 VMware Inc. All rights reserved. ========================================================= + CERT-RENATER | tel : 01-53-94-20-44 + + 23/25 Rue Daviel | fax : 01-53-94-20-41 + + 75013 Paris | email:cert@support.renater.fr + =========================================================