🆘 VMware raises the alarm about an UNPATCHED security flaw (CVE-2023–34060) in Cloud Director, which could allow attackers to bypass authentication on SSH and appliance management console ports. Learn more ➡️
VMware is warning of a critical and unpatched security flaw in Cloud Director that could be exploited by a malicious actor to get around authentication protections.
Tracked as CVE-2023–34060 (CVSS score: 9.8), the vulnerability impacts instances that have been upgraded to version 10.5 from an older version.
“On an upgraded version of VMware Cloud Director Appliance 10.5, a malicious actor with network access to the appliance can bypass login restrictions when authenticating on port 22 (ssh) or port 5,480 (appliance management console),” the company said in an alert.