Lucene search

K
hiveproHiveForce LabsHIVEPRO:8F75F0DA225CCE50A996BDCCDB9B77D2
HistoryNov 17, 2023 - 8:07 a.m.

VMware Unveils Critical Authentication Bypass Vulnerability in VCD Appliance

2023-11-1708:07:39
HiveForce Labs
www.hivepro.com
36
vmware
authentication bypass
vulnerability
cloud director
appliance
cve-2023-34060
exploitation
hiveforce labs
linkedin

9.8 High

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

7.7 High

AI Score

Confidence

Low

7.5 High

CVSS2

Access Vector

NETWORK

Access Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:L/Au:N/C:P/I:P/A:P

0.002 Low

EPSS

Percentile

60.6%

Threat Level Vulnerability Report For a detailed threat advisory, download the pdf file here Summary VMware has disclosed a critical authentication bypass vulnerability affecting Cloud Director appliance deployments. This vulnerability, identified as CVE-2023-34060, the flaw could be exploited by a malicious actor to circumvent authentication protections in Cloud Director. To receive real-time threat advisories, please follow HiveForce Labs on LinkedIn.

9.8 High

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

7.7 High

AI Score

Confidence

Low

7.5 High

CVSS2

Access Vector

NETWORK

Access Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:L/Au:N/C:P/I:P/A:P

0.002 Low

EPSS

Percentile

60.6%

Related for HIVEPRO:8F75F0DA225CCE50A996BDCCDB9B77D2