#VU9825 Improper authentication in vSphere Data Protection - CVE-2017-15548
Published: January 2, 2018 / Updated: January 2, 2018
Vulnerability identifier: #VU9825
Vulnerability risk: High
CVSSv4.0: CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Amber
CVE-ID: CVE-2017-15548
CWE-ID: CWE-287
Exploitation vector: Remote access
Exploit availability:
No public exploit available
Vulnerable software:
vSphere Data Protection
vSphere Data Protection
Software vendor:
VMware, Inc
VMware, Inc
Description
The vulnerability allows a remote attacker to bypass authentication process.
The vulnerability exists due to undisclosed error, which can be used to bypass authentication and gain unauthorized root access to the affected system.
The vulnerability exists due to undisclosed error, which can be used to bypass authentication and gain unauthorized root access to the affected system.
Remediation
Install the latest version 6.0.7 or 6.1.6.