VMware vSphere Data Protection Authentication Bypass Vulnerability – VMSA-2018-0001

January 5, 2018 Duncan 3035 Views 0 Comments VMSA-2018-0001, VMware, vSphere 1 min read

A vulnerability in VMware vSphere Data Protection (VDP) (VMSA-2018-0001) could allow an unauthenticated, remote attacker to bypass authentication on a targeted system.

The vulnerability is due to an undisclosed condition that could allow authentication bypass. An attacker could exploit this vulnerability to bypass authentication and gain root access to a targeted system. Successful exploitation could result in a complete system compromise.

VMware has confirmed the vulnerability and released software updates.

Analysis

A successful exploit of this vulnerability could allow an attacker to gain unauthorized root access to a targeted system, which could result in a complete system compromise.

Safeguards

Administrators are advised to apply the appropriate updates.

Administrators are advised to allow only trusted users to have network access.

Administrators may consider using IP-based access control lists (ACLs) to allow only trusted systems to access the affected systems.

Administrators are advised to monitor affected systems.

Vendor Announcements

VMware has released a security advisory at the following link: VMSA-2018-0001

Fixed Software

VMware has released software updates at the following links:

Duncan

Duncan is a technology professional with over 20 years experience of working in various IT roles. He has a interest in cyber security, and has a wide range of other skills in radio, electronics and telecommunications.

VMware vSphere Data Protection Authentication Bypass Vulnerability – VMSA-2018-0001

Like this:

Related Posts

Duncan

Leave a ReplyCancel reply

Share this:

Like this:

Related Posts

Duncan

Leave a ReplyCancel reply