Executive Summary
Summary | |
---|---|
Title | - vSphere Data Protection (VDP) updates address SSH Key-Based authentication issue |
Informations | |||
---|---|---|---|
Name | VMSA-2016-0024 | First vendor Publication | 2016-12-20 |
Vendor | VMware | Last vendor Modification | 2017-06-06 |
Severity (Vendor) | N/A | Revision | 1 |
Security-Database Scoring CVSS v3
Cvss vector : N/A | |||
---|---|---|---|
Overall CVSS Score | NA | ||
Base Score | NA | Environmental Score | NA |
impact SubScore | NA | Temporal Score | NA |
Exploitabality Sub Score | NA | ||
Calculate full CVSS 3.0 Vectors scores |
Security-Database Scoring CVSS v2
Cvss vector : (AV:N/AC:L/Au:N/C:C/I:C/A:C) | |||
---|---|---|---|
Cvss Base Score | 10 | Attack Range | Network |
Cvss Impact Score | 10 | Attack Complexity | Low |
Cvss Expoit Score | 10 | Authentication | None Required |
Calculate full CVSS 2.0 Vectors scores |
Detail
a. VDP SSH key-based authentication issue VDP contains a private SSH key with a known password that is configured to allow key-based authentication. Exploitation of this issue may allow an unauthorized remote attacker to log into the appliance with root privileges. VMware would like to thank Marc Ströbel aka phroxvs from HvS-Consulting for reporting this issue to VMware. The Common Vulnerabilities and Exposures project (cve.mitre.org) has assigned the identifier CVE-2016-7456 to this issue. Column 5 of the following table lists the action required to remediate the vulnerability in each release, if a solution is available. |
Original Source
Url : http://www.vmware.com/security/advisories/VMSA-2016-0024.html |
CWE : Common Weakness Enumeration
% | Id | Name |
---|---|---|
100 % | CWE-255 | Credentials Management |
CPE : Common Platform Enumeration
Metasploit Database
id | Description |
---|---|
2016-12-20 | VMware VDP Known SSH Key |
Nessus® Vulnerability Scanner
Date | Description |
---|---|
2017-01-09 | Name : A virtualization appliance installed on the remote host is affected by an aut... File : vmware_VMSA-2016-0024.nasl - Type : ACT_GATHER_INFO |
Alert History
Date | Informations |
---|---|
2020-05-23 13:17:15 |
|
2017-06-06 21:23:13 |
|
2017-01-10 13:20:34 |
|
2016-12-29 21:25:16 |
|
2016-12-29 13:22:01 |
|
2016-12-20 21:23:27 |
|