VMware Cloud Director Authentication Bypass (VMSA-2023-0026)

critical Nessus Plugin ID 185949

Synopsis

A virtualization appliance installed on the remote host is affected by a remote code execution vulnerability.

Description

VMware Cloud Director Appliance contains an authentication bypass vulnerability that applies when the appliance was upgraded to 10.5 from an older version. On an upgraded version of VMware Cloud Director Appliance 10.5, a malicious actor with network access to the appliance can bypass login restrictions when authenticating on port 22 (ssh) or port 5480 (appliance management console). This bypass is not present on port 443 (VCD provider and tenant login). On a new installation of VMware Cloud Director Appliance 10.5, the bypass is not present.

Note that Nessus has not tested for this issue but has instead relied only on the application's self-reported version number.

Solution

Refer to the vendor advisory.

See Also

https://www.vmware.com/security/advisories/VMSA-2023-0026.html

https://kb.vmware.com/s/article/88176

Plugin Details

Severity: Critical

ID: 185949

File Name: vmware_cloud_director_vmsa-2023-0026.nasl

Version: 1.5

Type: local

Agent: unix

Family: Misc.

Published: 11/17/2023

Updated: 3/15/2024

Configuration: Enable paranoid mode

Supported Sensors: Nessus Agent, Nessus

Risk Information

VPR

Risk Factor: Medium

Score: 6.7

CVSS v2

Risk Factor: Critical

Base Score: 10

Temporal Score: 7.8

Vector: CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C

CVSS Score Source: CVE-2023-34060

CVSS v3

Risk Factor: Critical

Base Score: 9.8

Temporal Score: 8.8

Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Temporal Vector: CVSS:3.0/E:P/RL:O/RC:C

Vulnerability Information

CPE: cpe:/a:vmware:vcloud_director

Required KB Items: Settings/ParanoidReport, Host/VMware vCloud Director/Version, Host/VMware vCloud Director/Build

Exploit Available: true

Exploit Ease: Exploits are available

Patch Publication Date: 11/14/2023

Vulnerability Publication Date: 11/14/2023

Reference Information

CVE: CVE-2023-34060

IAVA: 2023-A-0644-S

VMSA: 2023-0026