Hard-Coded Password Vulnerability in Dell EMC Products
CVE-2018-1216

9.8 CRITICAL

Summary

A hard-coded password vulnerability exists within vApp Manager, a component of Dell EMC products, which embeds an undocumented default account (smc) with a hard-coded password. This security flaw affects specific versions of Dell EMC Unisphere for VMAX, Solutions Enabler, VASA Virtual Appliances, and VMAX Embedded Management. A knowledgeable remote attacker could exploit vulnerable web servlets using this hard-coded password, allowing unauthorized access to the system. Importantly, this account cannot be accessed through the web user interface, but its existence poses significant security risks to affected implementations.

Affected Version(s)

vApp Manager which is embedded in Dell EMC Unisphere for VMAX, Dell EMC Solutions Enabler, Dell EMC VASA Virtual Appliances, and Dell EMC VMAX Embedded Management (eManagement)

CVSS V3.1

Score: 9.8
Severity: CRITICAL
Confidentiality: High
Integrity: High
Availability: High
Attack Vector: Network
Attack Complexity: Low
Privileges Required: None
User Interaction: None
Scope: Unchanged

Timeline

  • Vulnerability published

  • Vulnerability Reserved