PT-2016-7341 · Vmware · Vmware Vsphere Data Protection

Published

2016-12-29

Updated

2017-01-03

CVE-2016-7456

CVSS v3.1

Critical

Vector

AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Name of the Vulnerable Software and Affected Versions VMware vSphere Data Protection (VDP) versions 5.5.x through 6.1.x

Description The issue allows remote attackers to obtain login access via an SSH session, as the SSH private key has a publicly known password.

Recommendations For versions 5.5.x through 6.1.x, consider changing the SSH private key password to a strong, unique password to prevent unauthorized access. As a temporary workaround, restrict SSH access to minimize the risk of exploitation.

Exploit

Fix

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-255

Related Identifiers

CVE-2016-7456

Affected Products

Vmware Vsphere Data Protection

PT-2016-7341 · Vmware · Vmware Vsphere Data Protection

CVE-2016-7456

Weakness Enumeration

Related Identifiers

Affected Products

References · 6