SSH Vulnerability in VMware Photon OS Affecting Remote Access Security
CVE-2016-5333

9.8 CRITICAL

Key Information:

Vendor

VMware

Status
Vendor
CVE Published: 31 August 2016

What is CVE-2016-5333?

VMware Photon OS OVA 1.0 prior to August 14, 2016, contains a security flaw: a default SSH public key is present in the authorized_keys file. A remote attacker who knows the corresponding private key can use it to gain unauthorized SSH access. Organizations using affected versions should take immediate action to remove the default key and strengthen their security measures.

CVSS V3.1

Score: 9.8
Severity: CRITICAL
Confidentiality: High
Integrity: High
Availability: High
Attack Vector: Network
Attack Complexity: Low
Privileges Required: None
User Interaction: None
Scope: Unchanged

Timeline

  • Vulnerability published

  • Vulnerability Reserved
