CNVD-2018-19281

Vulnerability from cnvd - Published: 2018-09-19
Title
Dell EMC Unity authentication bypass vulnerability
Description
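Dell EMC Unity is a fully unified storage array designed for flash. Dell EMC Unity contains an authentication bypass vulnerability: a remote authenticated user can exploit it by interacting directly with certain Unity OE APIs to read files on the NAS server, thereby bypassing role-based authorization controls that are implemented only in the Unisphere GUI.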
Severity
Patch Name
Patch for the Dell EMC Unity authentication bypass vulnerability
Patch Description
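Dell EMC Unity is a fully unified storage array designed for flash. Dell EMC Unity contains an authentication bypass vulnerability: a remote authenticated user can exploit it by interacting directly with certain Unity OE APIs to read files on the NAS server, thereby bypassing role-based authorization controls that are implemented only in the Unisphere GUI. The vendor has released a security advisory and related patch information that fix this vulnerability.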
Formal description

Users can contact the vendor to obtain patch information: https://support.emc.com/downloads/39949_Dell-EMC-Unity-Family

Reference
https://seclists.org/fulldisclosure/2018/Sep/30
Impacted products
Name
Dell EMC Unity Operating Environment (OE) <4.3.1.1525703027
Dell EMC UnityVSA Operating Environment (OE) <4.3.1.1525703027

{
  "cves": {
    "cve": {
      "cveNumber": "CVE-2018-1250"
    }
  },
  "description": "Dell EMC Unity\u662f\u4e00\u6b3e\u4e13\u4e3a\u95ea\u5b58\u8bbe\u8ba1\u7684\u5b8c\u5168\u7edf\u4e00\u7684\u5b58\u50a8\u9635\u5217\u3002\r\n\r\nDell EMC Unity\u5b58\u5728\u9a8c\u8bc1\u7ed5\u8fc7\u6f0f\u6d1e\uff0c\u7ecf\u8fc7\u8fdc\u7a0b\u8eab\u4efd\u9a8c\u8bc1\u7684\u7528\u6237\u53ef\u5229\u7528\u6b64\u6f0f\u6d1e\u76f4\u63a5\u4e0eUnity OE\u7684\u67d0\u4e9bAPI\u8fdb\u884c\u4ea4\u4e92\u6765\u8bfb\u53d6NAS\u670d\u52a1\u5668\u4e2d\u7684\u6587\u4ef6\uff0c\u4ece\u800c\u7ed5\u8fc7\u4ec5\u5728Unisphere GUI\u4e2d\u5b9e\u73b0\u7684\u57fa\u4e8e\u89d2\u8272\u7684\u6388\u6743\u63a7\u5236\u3002",
  "discovererName": "unknown",
  "formalWay": "\u7528\u6237\u53ef\u8054\u7cfb\u4f9b\u5e94\u5546\u83b7\u5f97\u8865\u4e01\u4fe1\u606f\uff1a\r\nhttps://support.emc.com/downloads/39949_Dell-EMC-Unity-Family",
  "isEvent": "\u901a\u7528\u8f6f\u786c\u4ef6\u6f0f\u6d1e",
  "number": "CNVD-2018-19281",
  "openTime": "2018-09-19",
  "patchDescription": "Dell EMC Unity\u662f\u4e00\u6b3e\u4e13\u4e3a\u95ea\u5b58\u8bbe\u8ba1\u7684\u5b8c\u5168\u7edf\u4e00\u7684\u5b58\u50a8\u9635\u5217\u3002\r\n\r\nDell EMC Unity\u5b58\u5728\u9a8c\u8bc1\u7ed5\u8fc7\u6f0f\u6d1e\uff0c\u7ecf\u8fc7\u8fdc\u7a0b\u8eab\u4efd\u9a8c\u8bc1\u7684\u7528\u6237\u53ef\u5229\u7528\u6b64\u6f0f\u6d1e\u76f4\u63a5\u4e0eUnity OE\u7684\u67d0\u4e9bAPI\u8fdb\u884c\u4ea4\u4e92\u6765\u8bfb\u53d6NAS\u670d\u52a1\u5668\u4e2d\u7684\u6587\u4ef6\uff0c\u4ece\u800c\u7ed5\u8fc7\u4ec5\u5728Unisphere GUI\u4e2d\u5b9e\u73b0\u7684\u57fa\u4e8e\u89d2\u8272\u7684\u6388\u6743\u63a7\u5236\u3002\r\n\r\n\u76ee\u524d\uff0c\u4f9b\u5e94\u5546\u53d1\u5e03\u4e86\u5b89\u5168\u516c\u544a\u53ca\u76f8\u5173\u8865\u4e01\u4fe1\u606f\uff0c\u4fee\u590d\u4e86\u6b64\u6f0f\u6d1e\u3002",
  "patchName": "Dell EMC Unity\u9a8c\u8bc1\u7ed5\u8fc7\u6f0f\u6d1e\u7684\u8865\u4e01",
  "products": {
    "product": [
      "Dell EMC Unity Operating Environment (OE) \u003c4.3.1.1525703027",
      "Dell EMC UnityVSA Operating Environment (OE) \u003c4.3.1.1525703027"
    ]
  },
  "referenceLink": "https://seclists.org/fulldisclosure/2018/Sep/30",
  "serverity": "\u9ad8",
  "submitTime": "2018-09-19",
  "title": "Dell EMC Unity\u9a8c\u8bc1\u7ed5\u8fc7\u6f0f\u6d1e"
}

