cbcvebase.
CVE-2016-7456
published 2016-12-29

CVE-2016-7456: VMware vSphere Data Protection (VDP) 5.5.x though 6.1.x has an SSH private key with a publicly known password, which makes it easier for remote attackers to…

PriorityP272critical9.8CVSS 3.0
AVNACLPRNUINSUCHIHAH
EXPLOIT
EPSS
32.79%
98.1th percentile
VMware vSphere Data Protection (VDP) 5.5.x though 6.1.x has an SSH private key with a publicly known password, which makes it easier for remote attackers to obtain login access via an SSH session.

Affected

23 ranges
VendorProductVersion rangeFixed in
vmwarevsphere
vmwarevsphere_data_protection
vmwarevsphere_data_protection
vmwarevsphere_data_protection
vmwarevsphere_data_protection
vmwarevsphere_data_protection
vmwarevsphere_data_protection
vmwarevsphere_data_protection
vmwarevsphere_data_protection
vmwarevsphere_data_protection
vmwarevsphere_data_protection
vmwarevsphere_data_protection
vmwarevsphere_data_protection
vmwarevsphere_data_protection
vmwarevsphere_data_protection
vmwarevsphere_data_protection
vmwarevsphere_data_protection
vmwarevsphere_data_protection
vmwarevsphere_data_protection
vmwarevsphere_data_protection
vmwarevsphere_data_protection
vmwarevsphere_data_protection
vmwarevsphere_data_protection

Detection & IOCsextracted from sources · hover to see the quote

processSSH login as admin (sudoer without password) using known private key
  • Detect unauthorized SSH login attempts to VMware VDP appliances using key-based authentication, particularly for the 'admin' user account, which has passwordless sudo privileges.
  • Alert on successful SSH key-based authentication to VDP appliances from unexpected or external IP addresses, as exploitation allows remote login with root privileges.
  • A Metasploit module exists for this vulnerability (linux/ssh/vmware_vdp_known_privkey); monitor for exploitation patterns consistent with this module targeting VDP appliances on SSH port 22.
  • ·VDP appliances 5.5.x through 6.1.x ship with a hardcoded SSH private key whose password is publicly known, enabling key-based authentication by default. This is a configuration-level weakness, not just a software bug.
  • ·The 'admin' user on affected VDP appliances is configured as a sudoer without a password requirement, meaning SSH access via the known key immediately grants effective root privileges.
  • ·For VDP 5.5.x and 5.8.x, no direct patch is available; the only remediation is the workaround documented in KB2147069 (disabling or replacing the known SSH key).

CVSS provenance

nvdv3.09.8CRITICALCVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
nvdv2.010.0CRITICALAV:N/AC:L/Au:N/C:C/I:C/A:C
osv7.6HIGH
CVEs like this are exactly what “Exploited This Week” covers.

Every Monday: what got weaponized or added to CISA KEV in the last seven days — each CVE cross-linked to its PoC, Nuclei template, and detection rule. Free, one email a week, unsubscribe in one click.