Vulnerability identifier: #VU9825
Vulnerability risk: High
CVSSv3.1: 8.7 [CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H/E:U/RL:O/RC:C]
CVE-ID:
CWE-ID:
CWE-287
Exploitation vector: Network
Exploit availability: No
Vulnerable software:
vSphere Data Protection
Client/Desktop applications /
Other client software
Vendor: VMware, Inc
Description
The vulnerability allows a remote attacker to bypass authentication process.
The vulnerability exists due to undisclosed error, which can be used to bypass authentication and gain unauthorized root access to the affected system.
Mitigation
Install the latest version 6.0.7 or 6.1.6.
Vulnerable software versions
vSphere Data Protection: 5.8 - 6.1.5
External links
http://www.vmware.com/security/advisories/VMSA-2018-0001.html
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.