🆘 VMware raises the alarm about an UNPATCHED security flaw (CVE-2023–34060) in Cloud Director, which could allow attackers to bypass authentication on SSH and appliance management console ports. Learn more ➡️
VMware is warning of a critical and unpatched security flaw in Cloud Director that could be exploited by a malicious actor to get around authentication protections.
Tracked as CVE-2023–34060 (CVSS score: 9.8), the vulnerability impacts instances that have been upgraded to version 10.5 from an older version.
“On an upgraded version of VMware Cloud Director Appliance 10.5, a malicious actor with network access to the appliance can bypass login restrictions when authenticating on port 22 (ssh) or port 5,480 (appliance management console),” the company said in an alert.
Leave a reply