CVE-2016-7456
Published 2016-12-29
Priority P2 · 72 · critical · 9.8 CVSS 3.0
AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
EXPLOIT
EPSS 32.79% (98.1th percentile)
VMware vSphere Data Protection (VDP) 5.5.x through 6.1.x has an SSH private key with a publicly known password, which makes it easier for remote attackers to obtain login access via an SSH session.
Affected
23 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| vmware | vsphere | — | — |
| vmware | vsphere_data_protection | — | — |
Detection & IOCs
- Detect unauthorized SSH login attempts to VMware VDP appliances using key-based authentication, particularly for the 'admin' user account, which has passwordless sudo privileges.
- Alert on successful SSH key-based authentication to VDP appliances from unexpected or external IP addresses, as exploitation allows remote login with root privileges.
- A Metasploit module exists for this vulnerability (linux/ssh/vmware_vdp_known_privkey); monitor for exploitation patterns consistent with this module targeting VDP appliances on SSH port 22.
- VDP appliances 5.5.x through 6.1.x ship with a hardcoded SSH private key whose password is publicly known, enabling key-based authentication by default. This is a configuration-level weakness, not just a software bug.
- The 'admin' user on affected VDP appliances is configured as a sudoer without a password requirement, meaning SSH access via the known key immediately grants effective root privileges.
- For VDP 5.5.x and 5.8.x, no direct patch is available; the only remediation is the workaround documented in KB2147069 (disabling or replacing the known SSH key).
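The second detection item above, written as log-review logic. This is an added example, not code from the advisory or the vendor. It assumes the appliance's sshd messages arrive in the standard OpenSSH syslog format; the host names `vdp01`/`vdp02`, the management network `10.20.0.0/24` and the sample log lines are constructed placeholders.

```python
import ipaddress
import re

# Assumption: networks from which admins legitimately SSH to VDP appliances.
ALLOWED_NETS = [ipaddress.ip_network("10.20.0.0/24")]
# Assumption: syslog host names of the VDP appliances.
VDP_HOSTS = {"vdp01", "vdp02"}

# Standard OpenSSH success message: "Accepted <method> for <user> from <src> port <n>".
ACCEPTED = re.compile(
    r"^(?P<ts>\w{3}\s+\d+\s[\d:]{8})\s(?P<host>\S+)\ssshd\[\d+\]:\s"
    r"Accepted\s(?P<method>\S+)\sfor\s(?P<user>\S+)\sfrom\s(?P<src>\S+)\sport\s\d+"
)

def source_allowed(src):
    """True only if src is an IP address inside an allowed network."""
    try:
        addr = ipaddress.ip_address(src)
    except ValueError:
        return False  # reverse-resolved name or junk: treat as unexpected
    return any(addr in net for net in ALLOWED_NETS)

def find_suspicious_logins(lines):
    """Return alerts for key-based logins to VDP hosts from unexpected sources."""
    alerts = []
    for line in lines:
        m = ACCEPTED.match(line)
        if not m or m["host"] not in VDP_HOSTS or m["method"] != "publickey":
            continue
        if source_allowed(m["src"]):
            continue
        alerts.append({
            "time": m["ts"], "host": m["host"], "user": m["user"], "src": m["src"],
            # 'admin' has passwordless sudo on affected appliances
            "severity": "high" if m["user"] == "admin" else "medium",
        })
    return alerts

# Constructed sample log lines (documentation address ranges).
SAMPLE_LOG = [
    "Dec 29 03:14:07 vdp01 sshd[4211]: Accepted publickey for admin from 203.0.113.45 port 51022 ssh2",
    "Dec 29 03:15:10 vdp01 sshd[4230]: Accepted publickey for admin from 10.20.0.15 port 40100 ssh2",
    "Dec 29 03:16:00 vdp02 sshd[900]: Accepted password for root from 198.51.100.7 port 2222 ssh2",
    "Dec 29 03:17:30 web01 sshd[77]: Accepted publickey for admin from 203.0.113.45 port 51500 ssh2",
    "Dec 29 03:18:02 vdp02 sshd[910]: Failed publickey for admin from 203.0.113.45 port 51600 ssh2",
]

if __name__ == "__main__":
    for alert in find_suspicious_logins(SAMPLE_LOG):
        print(alert)
```

Only successful logins are matched here; the failed attempt in the last sample line would need a separate rule for the first detection item.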
CVSS provenance
nvd · v3.0 · 9.8 CRITICAL · CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
nvd · v2.0 · 10.0 CRITICAL · AV:N/AC:L/Au:N/C:C/I:C/A:C
osv · 7.6 HIGH
VMware
vSphere Data Protection (VDP) updates address SSH Key-Based authentication issue
vendor_vmware·2016-12-20·CVSS 9.8
CVE-2016-7456 [CRITICAL] vSphere Data Protection (VDP) updates address SSH Key-Based authentication issue
VMSA-2016-0024: vSphere Data Protection (VDP) updates address SSH Key-Based authentication issue
VDP SSH key-based authentication issue
VDP contains a private SSH key with a known password that is configured to allow key-based authentication. Exploitation of this issue may allow an unauthorized remote attacker to log into the appliance with root privileges.
VMware would like to thank Marc Ströbel aka phroxvs from HvS-Consulting for reporting this issue to VMware.
The Common Vulnerabilities and Exposures project (cve.mitre.org) has assigned the identifier CVE-2016-7456 to this issue.
Column 5 of the following table lists the action required to remediate the vulnerability in each release, if a solution is available.
VMware Product Product Version Running on Severity Replace with/ Apply Patc
GHSA
GHSA-x872-hfmg-7gqf: VMware vSphere Data Protection (VDP) 5
ghsa_unreviewed·2022-05-17
CVE-2016-7456 [CRITICAL] GHSA-x872-hfmg-7gqf: VMware vSphere Data Protection (VDP) 5
VMware vSphere Data Protection (VDP) 5.5.x through 6.1.x has an SSH private key with a publicly known password, which makes it easier for remote attackers to obtain login access via an SSH session.
OSV
libgd2 vulnerabilities
osv·2016-07-11·CVSS 7.6
CVE-2013-7456 libgd2 vulnerabilities
libgd2 vulnerabilities
It was discovered that the GD library incorrectly handled memory when using
gdImageScaleTwoPass(). A remote attacker could possibly use this issue to
cause a denial of service. This issue only affected Ubuntu 14.04 LTS.
(CVE-2013-7456)
It was discovered that the GD library incorrectly handled certain malformed
XBM images. If a user or automated system were tricked into processing a
specially crafted XBM image, an attacker could cause a denial of service.
This issue only affected Ubuntu 14.04 LTS, Ubuntu 15.10 and Ubuntu 16.04
LTS. (CVE-2016-5116)
It was discovered that the GD library incorrectly handled memory when using
_gd2GetHeader(). A remote attacker could possibly use this issue to cause a
denial of service or possibly execute arbitrary code. (CVE-2016-5766)
No detection rules found.