SB2018010204 - Multiple vulnerabilities in vSphere Data Protection (VDP)
Published: January 2, 2018
Security Bulletin ID
SB2018010204
CSH Severity
High
Patch available
YES
Number of vulnerabilities
3
Exploitation vector
Remote access
Highest impact
Code execution
Breakdown by Severity
- Low
- Medium
- High
- Critical
Description
This security bulletin contains information about 3 vulnerabilities.
1) Improper authentication (CVE-ID: CVE-2017-15548)
CWE-ID: CWE-287 - Improper Authentication
CVSSv4: CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Amber
The vulnerability allows a remote attacker to bypass authentication process.
The vulnerability exists due to undisclosed error, which can be used to bypass authentication and gain unauthorized root access to the affected system.
2) Arbitrary file upload (CVE-ID: CVE-2017-15549)
CWE-ID: CWE-434 - Unrestricted Upload of File with Dangerous Type
CVSSv4: CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Green
The vulnerability allows a remote attacker to compromise vulnerable system.
The vulnerability exists due to an error, which allows a remote authenticated user upload files with any extension to arbitrary location on the system. A remote authenticated low privileged user can execute arbitrary code on the target system.
3) Path traversal (CVE-ID: CVE-2017-15550)
CWE-ID: CWE-22 - Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')
CVSSv4: CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N/E:U/U:Green
The vulnerability allows a remote attacker to view contents of arbitrary file.
The vulnerability exists due to insufficient sanitization of the user-supplied data. A remote authenticated attacker with low privileges can use path traversal characters (e.g. "../") to view contents of arbitrary file on the filesystem.
Remediation
Install update from vendor's website.