Main Vulnerability Database Exploits ID:10722 - Exploit for Improper Authentication in VMware Cloud Director - CVE-2023-34060

ID:10722 - Exploit for Improper Authentication in VMware Cloud Director - CVE-2023-34060

Published: October 25, 2024

Vulnerability identifier: #VU83073

Vulnerability risk: High

CVE-ID: CVE-2023-34060

CWE-ID: CWE-287

Exploitation vector: Remote access

Vulnerable software:
VMware Cloud Director

Link to public exploit:

https://www.exploit-db.com/exploits/51882/

Vulnerability description

The vulnerability allows a remote attacker to bypass authentication process.

The vulnerability exists due to an unspecified error that occurred after upgrading from previous versions to version 10.5.0. A remote attacker can bypass login restrictions when authenticating on port 22 (ssh) or port 5480 (appliance management console) and gain unauthorized access to the appliance.

Note, the vulnerability is present only in case VMware Cloud Director Appliance was upgraded to 10.5 from an older version.

Remediation

Install updates from vendor's website.

ID:10722 - Exploit for Improper Authentication in VMware Cloud Director - CVE-2023-34060

Link to public exploit:

Vulnerability description

Remediation

Please verify you're human