漏洞类别:Hardware
漏洞等级: 
漏洞信息
vSphere Data Protection is a backup and recovery solution designed for vSphere environments. Powered by EMC Avamar, it provides agentless, image-level virtual-machine backups to disk.
vSphere Data Protection suffers from following vulnerabilities:
CVE-2017-4914: vSphere Data Protection contains Java Deserialization issue which allows an unauthenticated,remote attacker to execute commands on the appliance.
CVE-2017-4917: vSphere Data Protection locally stores vCenter Server credentials using reversible encryption. This issue may allow plaintext credentials to be obtained.
Affected Versions:
vSphere Data Protection 6.1.x prior to version 6.1.4
vSphere Data Protection 6.0.x prior to version 6.0.5
vSphere Data Protection 5.8.x prior to version 6.0.5
vSphere Data Protection 5.5.x prior to version 6.0.5
漏洞危害
Depending on the vulnerability being exploited, an unauthenticated, remote attacker can execute arbitrary commands on the appliance or a local attacker could retrieve vCenter Server credentials in plain text.
解决方案
Please refer to VMSA-2017-0010 for more information about patching this vulnerability.
Patch:
Following are links for downloading patches to fix the vulnerabilities:
0daybank
文章评论