On 14 November, VMware disclosed a critical vulnerability consisting of a misconfiguration of pluggable authentication module (PAM) files enabling a potential unauthorized attacker with network access to gain access to the system via secure shell (port 22) or appliance management console (port 5480). The vulnerability has no patch; however, VMware provided a workaround consistent with a specific PAM configuration.
Clipeus