Improper authentication in vSphere Data Protection - CVE-2017-15548
Published: January 2, 2018 / Updated: January 2, 2018
Vulnerability identifier: #VU9825
CSH Severity: High
CVSS v4.0: CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Amber
CVE-ID: CVE-2017-15548
CWE-ID: CWE-287
Exploitation vector: Remote access
Exploit availability:
No public exploit available
Vendor: VMware, Inc
Affected software:
vSphere Data Protection
vSphere Data Protection
Detailed vulnerability description
The vulnerability allows a remote attacker to bypass authentication process.
The vulnerability exists due to undisclosed error, which can be used to bypass authentication and gain unauthorized root access to the affected system.
The vulnerability exists due to undisclosed error, which can be used to bypass authentication and gain unauthorized root access to the affected system.
How to mitigate CVE-2017-15548
Install the latest version 6.0.7 or 6.1.6.