CVE-2017-4914 & CVE-2017-4917: VMware vSphere Data Protection (VDP) Vulnerability – Penetration Testing

VMware vSphere® Data Protection™ is a backup and recovery solution from VMware. It is fully integrated with VMware vCenter Server™ and VMware vSphere Web Client, providing disk-based backup of virtual machines and applications. vSphere Data Protection is based on the industry-leading EMC® Avamar® deduplication backup and recovery software.

Recently, VMware published two vulnerabilities in vSphere Data Protection (VDP): a Java deserialization vulnerability (CVE-2017-4914), which could be exploited remotely by an attacker, and a locally stored vCenter Server credentials vulnerability (CVE-2017-4917), in which the locally stored credentials are encrypted with a reversible method, so an attacker may obtain the plaintext credentials. VMware has released upgrade patches that fix the vulnerabilities.

Affected version

vSphere Data Protection (VDP) version 6.1.x < 6.1.4

vSphere Data Protection (VDP) version 6.0.x < 6.0.5

vSphere Data Protection (VDP) version 5.8.x

vSphere Data Protection (VDP) version 5.5.x

How to fix

Users running VDP 6.1.x should upgrade to vSphere Data Protection (VDP) version 6.1.4.

Users running VDP 6.0.x, 5.8.x, or 5.5.x should upgrade to vSphere Data Protection (VDP) version 6.0.5.

For more information, please refer to: http://ift.tt/1rvjCdp
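The affected-version and upgrade rules above can be applied to an appliance inventory with a short script. This is an added example, not code from VMware or from the original post; the appliance names, the sample version strings and the assumption that versions are reported as dotted numbers (optionally with a trailing build component) are constructed for illustration.

```python
import re

# Affected branches and fixed releases from the advisory text; fixed_in=None: whole branch affected.
ADVISORY = {
    (6, 1): {"fixed_in": (6, 1, 4), "upgrade_to": "6.1.4"},
    (6, 0): {"fixed_in": (6, 0, 5), "upgrade_to": "6.0.5"},
    (5, 8): {"fixed_in": None, "upgrade_to": "6.0.5"},
    (5, 5): {"fixed_in": None, "upgrade_to": "6.0.5"},
}

def parse_version(text):
    """Return the first three numeric components, e.g. '6.1.3.70' -> (6, 1, 3)."""
    m = re.match(r"\s*(\d+)\.(\d+)(?:\.(\d+))?", text)
    if not m:
        raise ValueError(f"unparseable version: {text!r}")
    return tuple(int(p or 0) for p in m.groups())

def triage(version_text):
    """Return (status, upgrade_target) for one appliance version string."""
    version = parse_version(version_text)
    rule = ADVISORY.get(version[:2])
    if rule is None:
        return ("not-listed", None)  # branch not named in the advisory
    if rule["fixed_in"] is not None and version >= rule["fixed_in"]:
        return ("fixed", None)
    return ("affected", rule["upgrade_to"])

def triage_inventory(inventory):
    """Map each appliance name to its triage result; bad strings need manual review."""
    results = {}
    for name, version_text in inventory.items():
        try:
            results[name] = triage(version_text)
        except ValueError:
            results[name] = ("unknown", None)
    return results

# Constructed inventory (hypothetical appliance names and version strings).
SAMPLE_INVENTORY = {
    "vdp-prod-01": "6.1.3.70",
    "vdp-prod-02": "6.1.4.30",
    "vdp-dr-01": "6.0.4",
    "vdp-lab-01": "5.8.1",
    "vdp-lab-02": "n/a",
}

if __name__ == "__main__":
    for name, (status, target) in triage_inventory(SAMPLE_INVENTORY).items():
        print(f"{name}: {status}" + (f", upgrade to {target}" if target else ""))
```

A result of "not-listed" only means the branch is not named on this page; "unknown" entries need a manual version check.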

The post CVE-2017-4914 & CVE-2017-4917: VMware vSphere Data Protection (VDP) Vulnerability appeared first on Penetration Testing. http://ift.tt/2s2QYpG http://ift.tt/2aM8QhC
