CNVD-2018-06092

Vulnerability from cnvd - Published: 2018-03-23
Title
Unauthorized access vulnerability in vApp Manager of multiple Dell products
Description
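Dell EMC Unisphere for VMAX Virtual Appliance and the other affected products are all products of the US company Dell. Dell EMC Unisphere for VMAX Virtual Appliance (vApp) is a management tool for VMAX storage arrays. EMC Solutions Enabler Virtual Appliance is a virtual appliance for solution applications. vApp Manager is the vApp management tool included in these products. vApp Manager in multiple Dell products contains a security vulnerability that stems from the default account (smc) using a hard-coded password. A remote attacker can exploit this vulnerability to gain unauthorized access to the system.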
Severity
Patch Name
Patch for the unauthorized access vulnerability in vApp Manager of multiple Dell products
Patch Description
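Dell EMC Unisphere for VMAX Virtual Appliance and the other affected products are all products of the US company Dell. Dell EMC Unisphere for VMAX Virtual Appliance (vApp) is a management tool for VMAX storage arrays. EMC Solutions Enabler Virtual Appliance is a virtual appliance for solution applications. vApp Manager is the vApp management tool included in these products. vApp Manager in multiple Dell products contains a security vulnerability that stems from the default account (smc) using a hard-coded password. A remote attacker can exploit this vulnerability to gain unauthorized access to the system. The vendor has now published a security advisory and related patch information that fix this vulnerability.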
Formal description

The vendor has released an upgrade patch that fixes the vulnerability. For details, see the vendor's homepage: https://www.emc.com

Reference
http://seclists.org/fulldisclosure/2018/Feb/41
Impacted products
Name
  • Dell EMC VMAX Embedded Management 1.4
  • Dell EMC VASA Virtual Appliance 8.4.0.512
  • Dell EMC Unisphere for VMAX 8.3
  • Dell EMC Unisphere for VMAX 8.2
  • Dell EMC Unisphere for VMAX 8.4.0.15
  • Dell EMC Solutions Enabler 8.1.0.3
  • Dell EMC Solutions Enabler 8.4.0.15
  • Dell EMC Solutions Enabler 8.2
  • Dell EMC Solutions Enabler 8.3

{
  "bids": {
    "bid": {
      "bidNumber": "103039"
    }
  },
  "cves": {
    "cve": {
      "cveNumber": "CVE-2018-1216"
    }
  },
  "description": "Dell EMC Unisphere for VMAX Virtual Appliance\u7b49\u90fd\u662f\u7f8e\u56fd\u6234\u5c14\uff08Dell\uff09\u516c\u53f8\u7684\u4ea7\u54c1\u3002Dell EMC Unisphere for VMAX Virtual Appliance\uff08vApp\uff09\u662f\u4e00\u6b3e\u9488\u5bf9VMAX\u5b58\u50a8\u9635\u5217\u7684\u7ba1\u7406\u5de5\u5177\u3002EMC Solutions Enabler Virtual Appliance\u662f\u4e00\u6b3e\u89e3\u51b3\u65b9\u6848\u5e94\u7528\u865a\u62df\u8bbe\u5907\u3002vApp Manager\u662f\u5176\u4e2d\u7684\u4e00\u4e2avApp\u7ba1\u7406\u5de5\u5177\u3002\r\n\r\n\u591a\u6b3eDell\u4ea7\u54c1\u4e2d\u7684vApp Manager\u5b58\u5728\u5b89\u5168\u6f0f\u6d1e\uff0c\u8be5\u6f0f\u6d1e\u6e90\u4e8e\u9ed8\u8ba4\u7684\u8d26\u6237\uff08smc\uff09\u4f7f\u7528\u4e86\u786c\u7f16\u7801\u5bc6\u7801\u3002\u8fdc\u7a0b\u653b\u51fb\u8005\u53ef\u5229\u7528\u8be5\u6f0f\u6d1e\u83b7\u53d6\u672a\u6388\u6743\u7684\u7cfb\u7edf\u8bbf\u95ee\u6743\u9650\u3002",
  "discovererName": "Carlos Perez from Tenable",
  "formalWay": "\u76ee\u524d\u5382\u5546\u5df2\u53d1\u5e03\u5347\u7ea7\u8865\u4e01\u4ee5\u4fee\u590d\u6f0f\u6d1e\uff0c\u8be6\u60c5\u8bf7\u5173\u6ce8\u5382\u5546\u4e3b\u9875\uff1a\r\nhttps://www.emc.com",
  "isEvent": "\u901a\u7528\u8f6f\u786c\u4ef6\u6f0f\u6d1e",
  "number": "CNVD-2018-06092",
  "openTime": "2018-03-23",
  "patchDescription": "Dell EMC Unisphere for VMAX Virtual Appliance\u7b49\u90fd\u662f\u7f8e\u56fd\u6234\u5c14\uff08Dell\uff09\u516c\u53f8\u7684\u4ea7\u54c1\u3002Dell EMC Unisphere for VMAX Virtual Appliance\uff08vApp\uff09\u662f\u4e00\u6b3e\u9488\u5bf9VMAX\u5b58\u50a8\u9635\u5217\u7684\u7ba1\u7406\u5de5\u5177\u3002EMC Solutions Enabler Virtual Appliance\u662f\u4e00\u6b3e\u89e3\u51b3\u65b9\u6848\u5e94\u7528\u865a\u62df\u8bbe\u5907\u3002vApp Manager\u662f\u5176\u4e2d\u7684\u4e00\u4e2avApp\u7ba1\u7406\u5de5\u5177\u3002\r\n\r\n\u591a\u6b3eDell\u4ea7\u54c1\u4e2d\u7684vApp Manager\u5b58\u5728\u5b89\u5168\u6f0f\u6d1e\uff0c\u8be5\u6f0f\u6d1e\u6e90\u4e8e\u9ed8\u8ba4\u7684\u8d26\u6237\uff08smc\uff09\u4f7f\u7528\u4e86\u786c\u7f16\u7801\u5bc6\u7801\u3002\u8fdc\u7a0b\u653b\u51fb\u8005\u53ef\u5229\u7528\u8be5\u6f0f\u6d1e\u83b7\u53d6\u672a\u6388\u6743\u7684\u7cfb\u7edf\u8bbf\u95ee\u6743\u9650\u3002\u76ee\u524d\uff0c\u4f9b\u5e94\u5546\u53d1\u5e03\u4e86\u5b89\u5168\u516c\u544a\u53ca\u76f8\u5173\u8865\u4e01\u4fe1\u606f\uff0c\u4fee\u590d\u4e86\u6b64\u6f0f\u6d1e\u3002",
  "patchName": "\u591a\u6b3eDell\u4ea7\u54c1vApp Manager\u672a\u6388\u6743\u8bbf\u95ee\u6f0f\u6d1e\u7684\u8865\u4e01",
  "products": {
    "product": [
      "Dell EMC VMAX Embedded Management 1.4",
      "Dell EMC VASA Virtual Appliance 8.4.0.512",
      "Dell EMC Unisphere for VMAX 8.3",
      "Dell EMC Unisphere for VMAX 8.2",
      "Dell EMC Unisphere for VMAX 8.4.0.15",
      "Dell EMC Solutions Enabler 8.1.0.3",
      "Dell EMC Solutions Enabler 8.4.0.15",
      "Dell EMC Solutions Enabler 8.2",
      "Dell EMC Solutions Enabler 8.3"
    ]
  },
  "referenceLink": "http://seclists.org/fulldisclosure/2018/Feb/41",
  "serverity": "\u9ad8",
  "submitTime": "2018-03-12",
  "title": "\u591a\u6b3eDell\u4ea7\u54c1vApp Manager\u672a\u6388\u6743\u8bbf\u95ee\u6f0f\u6d1e"
}

