Security Alert (A18-01-01): Multiple Vulnerabilities in VMware vSphere Data Protection


 

Published on: 03 January 2018

  
  

Description:

VMware has published a security advisory to address multiple vulnerabilities found in VMware vSphere Data Protection (VDP) version 5.x, 6.0.x, 6.1.x. An attacker could remote exploit the vulnerabilities on the VDP enabled system.

 

Affected Systems:

  • VMware vSphere Data Protection version 5.x, 6.0.x, 6.1.x

 

Impact:

Successful exploitation of the vulnerabilities could lead to authentication bypass, privilege escalation, unauthorised path traversal or unauthorised files upload on an affected system.

 

Recommendation:

The product vendor has released new versions to address the issues at the vendor's website:

  • vSphere Data Protection (VDP) 6.0.7
    https://my.vmware.com/group/vmware/details?productId=491&downloadGroup=VDP60_7

  • vSphere Data Protection (VDP) 6.1.6
    https://my.vmware.com/group/vmware/details?productId=491&downloadGroup=VDP616

System administrators may contact their product support vendors for the fixes and assistance.

 

More Information:

https://www.vmware.com/security/advisories/VMSA-2018-0001.html
https://docs.vmware.com/en/VMware-vSphere/6.0/rn/data-protection-607-release-notes.html
https://docs.vmware.com/en/VMware-vSphere/6.5/rn/data-protection-616-release-notes.html
https://www.us-cert.gov/ncas/current-activity/2018/01/02/VMware-Releases-Security-Updates
http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-15548
http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-15549
http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-15550

 



Tag: VMware , vSphere , VDP
Tags