SSH Vulnerability in VMware Photos OS Affecting Remote Access Security
CVE-2016-5333

9.8CRITICAL

Key Information:

Vendor

Vmware
Status
Photon Os
Vendor
CVE Published:
31 August 2016

What is CVE-2016-5333?

VMware Photos OS OVA 1.0 prior to August 14, 2016, contains a security flaw where a default SSH public key is present in the authorized_keys file. This critical oversight enables remote attackers to gain unauthorized SSH access by exploiting knowledge of the corresponding private key. Organizations using affected versions should take immediate action to remove the default key and enhance their security measures.

References

http://www.securitytracker.com/id/1036628
vdb-entryx_refsource_SECTRACK
http://www.securityfocus.com/bid/92474
vdb-entryx_refsource_BID
http://www.vmware.com/security/advisories/VMSA-2016-0012....
x_refsource_CONFIRM

CVSS V3.1

Score:
9.8
Severity:
CRITICAL
Confidentiality:
High
Integrity:
High
Availability:
High
Attack Vector:
Network
Attack Complexity:
Low
Privileges Required:
None
User Interaction:
None
Scope:
Unchanged

Timeline

  • Vulnerability published

  • Vulnerability Reserved

.