CVE-2023-34060: 
Linux Photon vulnerability analysis and mitigation

CVE-2023-34060 is a critical authentication bypass vulnerability discovered in VMware Cloud Director Appliance, disclosed on November 14, 2023. The vulnerability specifically affects instances that have been upgraded to version 10.5 from an older version, but does not impact new installations of version 10.5. The vulnerability was discovered by Dustin Hartle from Ideal Integrations Inc and reported privately to VMware (VMware Advisory).

The vulnerability has received a Critical severity rating with a CVSSv3 base score of 9.8. The vulnerability exists in the authentication mechanism of VMware Cloud Director Appliance and is related to an affected version of sssd from the underlying Photon OS. The bypass specifically affects authentication on port 22 (SSH) and port 5480 (appliance management console), while port 443 (VCD provider and tenant login) remains unaffected (VMware Advisory, CERT-EU).

A malicious actor with network access to the appliance can bypass login restrictions when authenticating on port 22 (SSH) or port 5480 (appliance management console). This could potentially allow unauthorized access to critical system functions and administrative controls (VMware Advisory, Hacker News).

VMware has provided two remediation options for affected systems: 1) Upgrade to VMware Cloud Director Appliance 10.5.1 from version 10.5, or 2) Follow the workaround guidance detailed in KB95534. The vulnerability is fixed in versions of Photon OS that ship with sssd-2.8.1-11 or higher (Photon OS 3) or sssd-2.8.2-9 or higher (Photon OS 4 and 5) (VMware Advisory, SOCRadar).

The Cybersecurity and Infrastructure Security Agency (CISA) has issued an alert recommending immediate patching of the vulnerability. The critical nature of the vulnerability has prompted widespread attention in the cybersecurity community, with experts emphasizing the importance of swift remediation (SOCRadar).