Executive Summary

Summary
Title : vSphere Data Protection (VDP) updates address SSH Key-Based authentication issue
Information
Name : VMSA-2016-0024
First vendor Publication : 2016-12-20
Vendor : VMware
Last vendor Modification : 2017-06-06
Severity (Vendor) : N/A
Revision : 1

Security-Database Scoring CVSS v2

Cvss vector : (AV:N/AC:L/Au:N/C:C/I:C/A:C)
Cvss Base Score : 10
Cvss Impact Score : 10
Cvss Exploit Score : 10
Attack Range : Network
Attack Complexity : Low
Authentication : None Required

Detail

a. VDP SSH key-based authentication issue

VDP contains a private SSH key with a known password that is configured to allow key-based authentication. Exploitation of this issue may allow an unauthorized remote attacker to log into the appliance with root privileges.

VMware would like to thank Marc Ströbel aka phroxvs from HvS-Consulting for reporting this issue to VMware.

The Common Vulnerabilities and Exposures project (cve.mitre.org) has assigned the identifier CVE-2016-7456 to this issue.

Column 5 of the following table lists the action required to remediate the vulnerability in each release, if a solution is available.

Original Source

Url : http://www.vmware.com/security/advisories/VMSA-2016-0024.html

CWE : Common Weakness Enumeration

% : 100 %
id : CWE-255
Name : Credentials Management

CPE : Common Platform Enumeration

Type : Application
Count : 22

Nessus® Vulnerability Scanner

Date : 2017-01-09
Name : A virtualization appliance installed on the remote host is affected by an aut...
File : vmware_VMSA-2016-0024.nasl - Type : ACT_GATHER_INFO

Alert History

Date / Information
2017-06-06 21:23:13
  • Multiple Updates
2017-01-10 13:20:34
  • Multiple Updates
2016-12-29 21:25:16
  • Multiple Updates
2016-12-29 13:22:01
  • Multiple Updates
2016-12-20 21:23:27
  • First insertion