
The Cyber Security News


Urgent: VMware Warns of Unpatched Critical Cloud Director Vulnerability

November 15, 2023

VMware is warning of a critical and unpatched security flaw in Cloud Director that could be exploited by a malicious actor to get around authentication protections.

Tracked as CVE-2023-34060 (CVSS score: 9.8), the vulnerability impacts instances that have been upgraded to version 10.5 from an older version.

“On an upgraded version of VMware Cloud Director Appliance 10.5, a malicious actor with network access to the appliance can bypass login restrictions when authenticating on port 22 (ssh) or port 5480 (appliance management console),” the company said in an alert.

“This bypass is not present on port 443 (VCD service provider and tenant login). On a new installation of VMware Cloud Director Appliance 10.5, the bypass is not present.”

The virtualization services company further noted that the impact is due to the fact that it uses a version of sssd from the underlying Photon OS that is affected by CVE-2023-34060.


Dustin Hartle from IT solutions provider Best Integrations has been credited with discovering and reporting the shortcomings.

Although VMware has yet to release a fix for the problem, it has provided a workaround in the form of a shell script (“WA_CVE-2023-34060.sh”).

It also emphasized that implementing the temporary mitigation will neither require downtime nor have a side effect on the functionality of Cloud Director installations.

The development comes months after VMware released patches for another critical flaw in the vCenter Server (CVE-2023-34048, CVSS score: 9.8) that could result in remote code execution on affected systems.



Some parts of this article are sourced from:
thehackernews.com
