Hard-coded Password Vulnerability in EMC Data Protection Advisor
CVE-2017-8013
9.8 CRITICAL
What is CVE-2017-8013?
EMC Data Protection Advisor versions 6.3.x prior to patch 67 and 6.4.x prior to patch 130 contain undocumented accounts with hard-coded passwords. The affected accounts are 'Apollo System Test', 'emc.dpa.agent.logon', and 'emc.dpa.metrics.logon'. An attacker who has discovered the passwords could use these accounts to exploit the REST APIs. This can lead to unauthorized access, potentially with administrative privileges, compromising the integrity of EMC Data Protection Advisor.
Affected Version(s)
EMC Data Protection Advisor 6.3.x
EMC Data Protection Advisor 6.4.x