VMware issues critical warning of their Cloud Director product
Take action: If you are using VMware Cloud Director that was updated to 10.5 from previous versions, apply the workaround at earliest convenience. The issue isn't immediately exploitable, but don't skip this fix, and the subsequent patch.
VMware has issued an alert for a severe and yet-to-be-fixed security vulnerability within its Cloud Director product, which poses a significant risk if exploited by an attacker.
The issue is tracked CVE-2023-34060 (CVSS3 score 9.8), this flaw impacts instances upgraded to version 10.5 from a previous release. A bad actor with access to the network where the Cloud Director Appliance 10.5 is running could sidestep authentication measures when connecting through SSH on port 22 or the appliance management console on port 5480.
This security issue does it exist in fresh installations of the appliance. VMware attributes the vulnerability to the usage of a compromised sssd version from the underlying Photon OS.
The company assures customers that applying this script will not necessitate system downtime or disrupt Cloud Director's operations.
|Trend Micro Releases Patches for Critical Vulnerabilities in …|
|Arcserve Unified Data Protection reports three critical issues, …|
|IBM Security Guardium critical vulnerability allows execution arbitrary …|
|Privilege escalation vulnerability in Windows Kubernetes endpoints|
|SysAid zero-day flaw exploited by Cl0p hacker gang|