CVE-2016-7456

CRITICAL

VMware vSphere Data Protection 5.5.x-6.1.x - Unauthenticated SSH Login via Default Private Key

Title source: llm
STIX 2.1

Exploitation Summary

EIP tracks 1 public exploit for CVE-2016-7456. PoCs published by phroxvs, including Metasploit module exploits/linux/ssh/vmware_vdp_known_privkey.

AI-analyzed exploit summary This Metasploit module exploits a known SSH private key vulnerability in VMware vSphere Data Protection appliances, allowing authentication as the 'admin' user with sudo privileges. It leverages a hardcoded RSA private key to establish an SSH session and gain command execution.

Description

VMware vSphere Data Protection (VDP) 5.5.x though 6.1.x has an SSH private key with a publicly known password, which makes it easier for remote attackers to obtain login access via an SSH session.

Exploits (1)

metasploit WORKING POC EXCELLENT
by phroxvs · rubypocunix
https://github.com/rapid7/metasploit-framework/blob/master/modules/exploits/linux/ssh/vmware_vdp_known_privkey.rb

This Metasploit module exploits a known SSH private key vulnerability in VMware vSphere Data Protection appliances, allowing authentication as the 'admin' user with sudo privileges. It leverages a hardcoded RSA private key to establish an SSH session and gain command execution.

Classification
Working Poc 100%
Attack Type
Auth Bypass
Complexity
Trivial
Reliability
Reliable
Target: VMware vSphere Data Protection 5.5.x through 6.1.x
No auth needed
Prerequisites: Network access to the target SSH port (22) · Target system must be running a vulnerable version of VMware vSphere Data Protection
MITRE ATT&CK
devstral-2 · analyzed Feb 16, 2026 Full analysis →

References (3)

Core 3
Core References
Third Party Advisory, VDB Entry vdb-entry x_refsource_sectrack
http://www.securitytracker.com/id/1037502
Third Party Advisory, VDB Entry vdb-entry x_refsource_bid
http://www.securityfocus.com/bid/94990

Scores

CVSS v3 9.8
EPSS 0.8212
EPSS Percentile 99.2%
Attack Vector NETWORK
CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Details

CWE
CWE-255
Status published
Products (22)
vmware/vsphere_data_protection 5.5.1
vmware/vsphere_data_protection 5.5.5
vmware/vsphere_data_protection 5.5.6
vmware/vsphere_data_protection 5.5.7
vmware/vsphere_data_protection 5.5.8
vmware/vsphere_data_protection 5.5.9
vmware/vsphere_data_protection 5.5.10
vmware/vsphere_data_protection 5.5.11
vmware/vsphere_data_protection 5.8.0
vmware/vsphere_data_protection 5.8.1
... and 12 more
Published Dec 29, 2016
Tracked Since Feb 18, 2026