1. CVE-Search
  2. CVE-2016-7456
ID CVE-2016-7456
Summary VMware vSphere Data Protection (VDP) 5.5.x though 6.1.x has an SSH private key with a publicly known password, which makes it easier for remote attackers to obtain login access via an SSH session.
References
Vulnerable Configurations
  • cpe:2.3:a:vmware:vsphere_data_protection:5.5.1:*:*:*:*:*:*:*
    cpe:2.3:a:vmware:vsphere_data_protection:5.5.1:*:*:*:*:*:*:*
  • cpe:2.3:a:vmware:vsphere_data_protection:5.5.5:*:*:*:*:*:*:*
    cpe:2.3:a:vmware:vsphere_data_protection:5.5.5:*:*:*:*:*:*:*
  • cpe:2.3:a:vmware:vsphere_data_protection:5.5.6:*:*:*:*:*:*:*
    cpe:2.3:a:vmware:vsphere_data_protection:5.5.6:*:*:*:*:*:*:*
  • cpe:2.3:a:vmware:vsphere_data_protection:5.5.7:*:*:*:*:*:*:*
    cpe:2.3:a:vmware:vsphere_data_protection:5.5.7:*:*:*:*:*:*:*
  • cpe:2.3:a:vmware:vsphere_data_protection:5.5.8:*:*:*:*:*:*:*
    cpe:2.3:a:vmware:vsphere_data_protection:5.5.8:*:*:*:*:*:*:*
  • cpe:2.3:a:vmware:vsphere_data_protection:5.5.9:*:*:*:*:*:*:*
    cpe:2.3:a:vmware:vsphere_data_protection:5.5.9:*:*:*:*:*:*:*
  • cpe:2.3:a:vmware:vsphere_data_protection:5.5.10:*:*:*:*:*:*:*
    cpe:2.3:a:vmware:vsphere_data_protection:5.5.10:*:*:*:*:*:*:*
  • cpe:2.3:a:vmware:vsphere_data_protection:5.5.11:*:*:*:*:*:*:*
    cpe:2.3:a:vmware:vsphere_data_protection:5.5.11:*:*:*:*:*:*:*
  • cpe:2.3:a:vmware:vsphere_data_protection:5.8.0:*:*:*:*:*:*:*
    cpe:2.3:a:vmware:vsphere_data_protection:5.8.0:*:*:*:*:*:*:*
  • cpe:2.3:a:vmware:vsphere_data_protection:5.8.1:*:*:*:*:*:*:*
    cpe:2.3:a:vmware:vsphere_data_protection:5.8.1:*:*:*:*:*:*:*
  • cpe:2.3:a:vmware:vsphere_data_protection:5.8.2:*:*:*:*:*:*:*
    cpe:2.3:a:vmware:vsphere_data_protection:5.8.2:*:*:*:*:*:*:*
  • cpe:2.3:a:vmware:vsphere_data_protection:5.8.3:*:*:*:*:*:*:*
    cpe:2.3:a:vmware:vsphere_data_protection:5.8.3:*:*:*:*:*:*:*
  • cpe:2.3:a:vmware:vsphere_data_protection:5.8.4:*:*:*:*:*:*:*
    cpe:2.3:a:vmware:vsphere_data_protection:5.8.4:*:*:*:*:*:*:*
  • cpe:2.3:a:vmware:vsphere_data_protection:6.0.0:*:*:*:*:*:*:*
    cpe:2.3:a:vmware:vsphere_data_protection:6.0.0:*:*:*:*:*:*:*
  • cpe:2.3:a:vmware:vsphere_data_protection:6.0.1:*:*:*:*:*:*:*
    cpe:2.3:a:vmware:vsphere_data_protection:6.0.1:*:*:*:*:*:*:*
  • cpe:2.3:a:vmware:vsphere_data_protection:6.0.2:*:*:*:*:*:*:*
    cpe:2.3:a:vmware:vsphere_data_protection:6.0.2:*:*:*:*:*:*:*
  • cpe:2.3:a:vmware:vsphere_data_protection:6.0.3:*:*:*:*:*:*:*
    cpe:2.3:a:vmware:vsphere_data_protection:6.0.3:*:*:*:*:*:*:*
  • cpe:2.3:a:vmware:vsphere_data_protection:6.0.4:*:*:*:*:*:*:*
    cpe:2.3:a:vmware:vsphere_data_protection:6.0.4:*:*:*:*:*:*:*
  • cpe:2.3:a:vmware:vsphere_data_protection:6.1.0:*:*:*:*:*:*:*
    cpe:2.3:a:vmware:vsphere_data_protection:6.1.0:*:*:*:*:*:*:*
  • cpe:2.3:a:vmware:vsphere_data_protection:6.1.1:*:*:*:*:*:*:*
    cpe:2.3:a:vmware:vsphere_data_protection:6.1.1:*:*:*:*:*:*:*
  • cpe:2.3:a:vmware:vsphere_data_protection:6.1.2:*:*:*:*:*:*:*
    cpe:2.3:a:vmware:vsphere_data_protection:6.1.2:*:*:*:*:*:*:*
  • cpe:2.3:a:vmware:vsphere_data_protection:6.1.3:*:*:*:*:*:*:*
    cpe:2.3:a:vmware:vsphere_data_protection:6.1.3:*:*:*:*:*:*:*
CVSS
Base: 10.0 (as of 03-01-2017 - 18:43)
Impact:
Exploitability:
CWE CWE-255
CAPEC
Access
VectorComplexityAuthentication
NETWORK LOW NONE
Impact
ConfidentialityIntegrityAvailability
COMPLETE COMPLETE COMPLETE
cvss-vector via4 AV:N/AC:L/Au:N/C:C/I:C/A:C
refmap via4
bid 94990
confirm http://www.vmware.com/security/advisories/VMSA-2016-0024.html
sectrack 1037502
Last major update 03-01-2017 - 18:43
Published 29-12-2016 - 09:59
Last modified 03-01-2017 - 18:43
Back to Top