PT-2016-7341 · Vmware · Vmware Vsphere Data Protection

Publicado

2016-12-29

Atualizado

2017-01-03

CVE-2016-7456

CVSS v3.1

Crítica

Vetor

AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Name of the Vulnerable Software and Affected Versions VMware vSphere Data Protection (VDP) versions 5.5.x through 6.1.x

Description The issue allows remote attackers to obtain login access via an SSH session, as the SSH private key has a publicly known password.

Recommendations For versions 5.5.x through 6.1.x, consider changing the SSH private key password to a strong, unique password to prevent unauthorized access. As a temporary workaround, restrict SSH access to minimize the risk of exploitation.

Exploit

Correção

Encontrou algum problema na descrição? Tem algo a acrescentar? Fique à vontade para nos escrever 👾

dbugs@ptsecurity.com

Enumeração de Fraquezas

CWE-255

Identificadores relacionados

CVE-2016-7456

Produtos afetados

Vmware Vsphere Data Protection

PT-2016-7341 · Vmware · Vmware Vsphere Data Protection

CVE-2016-7456

Enumeração de Fraquezas

Identificadores relacionados

Produtos afetados

Referências · 6