Security Advisory 2023-089

Release Date:

VMware Cloud Director Critical Vulnerability



  • 20/11/2023 --- v1.0 -- Initial publication


On November 14, 2023, VMware issued an advisory about a critical authentication bypass vulnerability, CVE-2023-34060, affecting Cloud Director Appliance. The CVSSv3 score is 9.8, indicating a critical level of severity. This vulnerability is present on an upgraded version of VMware Cloud Director Appliance [1].

Technical Details

The vulnerability CVE-2023-34060 allows a malicious actor with network access to bypass login restrictions when authenticating on port 22 (ssh) or port 5480 (appliance management console). This bypass is not present on port 443 (VCD provider and tenant login) or in new installations of VMware Cloud Director Appliance 10.5.

Affected Products

VMware Cloud Director Appliance (VCD Appliance) 10.5 if upgraded from 10.4.x or below.


It is recommended applying fixes as soon as possible [2].


When it is not possible to update the last fixed version, one can apply the workaround published by VMWare [2].




We got cookies

We only use cookies that are necessary for the technical functioning of our website. Find out more on here.