ID:3760 - Exploit for Credentials management in vSphere Data Protection - CVE-2016-7456

CSH
CYBERSECURITY HELP
Sign In REGISTER
 
Main Vulnerability Database Exploits ID:3760 - Exploit for Credentials management in vSphere Data Protection - CVE-2016-7456

ID:3760 - Exploit for Credentials management in vSphere Data Protection - CVE-2016-7456

Published: August 9, 2020


Vulnerability identifier: #VU39957
Vulnerability risk: High
CVE-ID: CVE-2016-7456
CWE-ID: CWE-255
Exploitation vector: Remote access
Vulnerable software:
vSphere Data Protection

Link to public exploit:


Vulnerability description

The vulnerability allows a remote non-authenticated attacker to execute arbitrary code.

VMware vSphere Data Protection (VDP) 5.5.x though 6.1.x has an SSH private key with a publicly known password, which makes it easier for remote attackers to obtain login access via an SSH session.


Remediation

Install update from vendor's website.