Remote Service Exploit in Dell Storage Manager Software for Windows
CVE-2017-14374

9.8 CRITICAL

What is CVE-2017-14374?

The SMI-S service in Dell Storage Manager for Windows is protected by a hard-coded password. An attacker who knows this password could send crafted HTTP requests to disable the SMI-S service, compromising the storage management and monitoring capabilities offered by the SMI-S interface. The vulnerability affects only Windows installations of Dell Storage Manager versions prior to 16.3.20; virtual appliance configurations are not affected.

Affected Version(s)

  • Dell Storage Manager 2016: Dell Storage Manager versions earlier than 16.3.20

CVSS V3.1

Score: 9.8
Severity: CRITICAL
Confidentiality: High
Integrity: High
Availability: High
Attack Vector: Network
Attack Complexity: Low
Privileges Required: None
User Interaction: None
Scope: Unchanged

Timeline

  • Vulnerability published

  • Vulnerability Reserved
