Cloud computing and virtualization expertise large VMware on Tuesday rushed out an pressing patch for a gaping authentication bypass bug affecting its Cloud Director Equipment product.
The vulnerability, tagged as CVE-2023-34060, carries a CVSS severity-score of 9.8 out of 10 and might be exploited by a malicious actor with community entry to the equipment to bypass login restrictions when authenticating on sure ports.
The corporate’s security response crew mentioned the code defect impacts the VMware Cloud Director Equipment (VCD Equipment), particularly in cases the place the equipment has been upgraded to model 10.5 from an older model.
“On a brand new set up of VMware Cloud Director Equipment 10.5, the bypass is just not current,” in accordance with a important bulletin documenting the problem.
The corporate mentioned the vulnerability originates from the underlying Photon OS however emphasised that different home equipment will not be impacted by the authentication bypass bug.
VMware is recommending that companies utilizing the Cloud Director Equipment observe its documented steering to mitigate the problem.