cnvd - cnvd-2018-22244

CNVD-2018-22244

Vulnerability from cnvd - Published: 2018-10-31

Title

Dell EMC Integrated Data Protection Appliance未记录账户漏洞

Description

Dell EMC Integrated Data Protection Appliance (IDPA)是一种预先集成的交钥匙解决方案，易于部署和扩展，为各种应用程序生态系统提供全面保护。 Dell EMC Integrated Data Protection Appliance存在未记录账户漏洞，具有默认密码知识的恶意用户可能会潜在地登录系统并获得对某些系统文件的读写访问权限。

Severity

高

Patch Name

Dell EMC Integrated Data Protection Appliance未记录账户漏洞的补丁

Patch Description

Formal description

用户可联系供应商获得补丁信息： https://download.emc.com/downloads/DL89669_Idpa_post_update_2.1.0.599285.tar.gz

Reference

https://seclists.org/fulldisclosure/2018/Oct/53

Impacted products

Name
['Dell EMC Integrated Data Protection Appliance 2.0', 'Dell EMC Integrated Data Protection Appliance 2.1', 'Dell EMC Integrated Data Protection Appliance 2.2']

Show details on source website

JSON

To clipboard

{
  "cves": {
    "cve": {
      "cveNumber": "CVE-2018-11062"
    }
  },
  "description": "Dell EMC Integrated Data Protection Appliance (IDPA)\u662f\u4e00\u79cd\u9884\u5148\u96c6\u6210\u7684\u4ea4\u94a5\u5319\u89e3\u51b3\u65b9\u6848\uff0c\u6613\u4e8e\u90e8\u7f72\u548c\u6269\u5c55\uff0c\u4e3a\u5404\u79cd\u5e94\u7528\u7a0b\u5e8f\u751f\u6001\u7cfb\u7edf\u63d0\u4f9b\u5168\u9762\u4fdd\u62a4\u3002\n\nDell EMC Integrated Data Protection Appliance\u5b58\u5728\u672a\u8bb0\u5f55\u8d26\u6237\u6f0f\u6d1e\uff0c\u5177\u6709\u9ed8\u8ba4\u5bc6\u7801\u77e5\u8bc6\u7684\u6076\u610f\u7528\u6237\u53ef\u80fd\u4f1a\u6f5c\u5728\u5730\u767b\u5f55\u7cfb\u7edf\u5e76\u83b7\u5f97\u5bf9\u67d0\u4e9b\u7cfb\u7edf\u6587\u4ef6\u7684\u8bfb\u5199\u8bbf\u95ee\u6743\u9650\u3002",
  "formalWay": "\u7528\u6237\u53ef\u8054\u7cfb\u4f9b\u5e94\u5546\u83b7\u5f97\u8865\u4e01\u4fe1\u606f\uff1a\r\nhttps://download.emc.com/downloads/DL89669_Idpa_post_update_2.1.0.599285.tar.gz",
  "isEvent": "\u901a\u7528\u8f6f\u786c\u4ef6\u6f0f\u6d1e",
  "number": "CNVD-2018-22244",
  "openTime": "2018-10-31",
  "patchDescription": "Dell EMC Integrated Data Protection Appliance (IDPA)\u662f\u4e00\u79cd\u9884\u5148\u96c6\u6210\u7684\u4ea4\u94a5\u5319\u89e3\u51b3\u65b9\u6848\uff0c\u6613\u4e8e\u90e8\u7f72\u548c\u6269\u5c55\uff0c\u4e3a\u5404\u79cd\u5e94\u7528\u7a0b\u5e8f\u751f\u6001\u7cfb\u7edf\u63d0\u4f9b\u5168\u9762\u4fdd\u62a4\u3002\r\n\r\nDell EMC Integrated Data Protection Appliance\u5b58\u5728\u672a\u8bb0\u5f55\u8d26\u6237\u6f0f\u6d1e\uff0c\u5177\u6709\u9ed8\u8ba4\u5bc6\u7801\u77e5\u8bc6\u7684\u6076\u610f\u7528\u6237\u53ef\u80fd\u4f1a\u6f5c\u5728\u5730\u767b\u5f55\u7cfb\u7edf\u5e76\u83b7\u5f97\u5bf9\u67d0\u4e9b\u7cfb\u7edf\u6587\u4ef6\u7684\u8bfb\u5199\u8bbf\u95ee\u6743\u9650\u3002\u76ee\u524d\uff0c\u4f9b\u5e94\u5546\u53d1\u5e03\u4e86\u5b89\u5168\u516c\u544a\u53ca\u76f8\u5173\u8865\u4e01\u4fe1\u606f\uff0c\u4fee\u590d\u4e86\u6b64\u6f0f\u6d1e\u3002",
  "patchName": "Dell EMC Integrated Data Protection Appliance\u672a\u8bb0\u5f55\u8d26\u6237\u6f0f\u6d1e\u7684\u8865\u4e01",
  "products": {
    "product": [
      "Dell EMC Integrated Data Protection Appliance 2.0",
      "Dell EMC Integrated Data Protection Appliance 2.1",
      "Dell EMC Integrated Data Protection Appliance 2.2"
    ]
  },
  "referenceLink": "https://seclists.org/fulldisclosure/2018/Oct/53",
  "serverity": "\u9ad8",
  "submitTime": "2018-10-31",
  "title": "Dell EMC Integrated Data Protection Appliance\u672a\u8bb0\u5f55\u8d26\u6237\u6f0f\u6d1e"
}

CVE-2018-11062 (GCVE-0-2018-11062)

Vulnerability from cvelistv5 – Published: 2018-11-02 22:00 – Updated: 2024-09-16 18:04

Title

Dell EMC Integrated Data Protection Appliance Undocumented Accounts Vulnerability

Summary

Integrated Data Protection Appliance versions 2.0, 2.1, and 2.2 contain undocumented accounts named 'support' and 'admin' that are protected with default passwords. These accounts have limited privileges and can access certain system files only. A malicious user with the knowledge of the default passwords may potentially log in to the system and gain read and write access to certain system files.

Severity ?

No CVSS data available.

CWE

Dell EMC Integrated Data Protection Appliance Undocumented Accounts Vulnerability

Assigner

dell

References

URL

Tags

	https://seclists.org/fulldisclosure/2018/Oct/53	mailing-listx_refsource_FULLDISC
	http://www.securityfocus.com/bid/105764	vdb-entryx_refsource_BID

Impacted products

	Vendor	Product	Version
	Dell EMC	Integrated Data Protection Appliance	Affected: 2.X , < 2.3 (custom)

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-05T07:54:36.804Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "name": "20181029 DSA-2018-136: Dell EMC Integrated Data Protection Appliance Undocumented Accounts Vulnerability",
            "tags": [
              "mailing-list",
              "x_refsource_FULLDISC",
              "x_transferred"
            ],
            "url": "https://seclists.org/fulldisclosure/2018/Oct/53"
          },
          {
            "name": "105764",
            "tags": [
              "vdb-entry",
              "x_refsource_BID",
              "x_transferred"
            ],
            "url": "http://www.securityfocus.com/bid/105764"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "Integrated Data Protection Appliance",
          "vendor": "Dell EMC",
          "versions": [
            {
              "lessThan": "2.3",
              "status": "affected",
              "version": "2.X",
              "versionType": "custom"
            }
          ]
        }
      ],
      "datePublic": "2018-10-29T00:00:00",
      "descriptions": [
        {
          "lang": "en",
          "value": "Integrated Data Protection Appliance versions 2.0, 2.1, and 2.2 contain undocumented accounts named \u0027support\u0027 and \u0027admin\u0027 that are protected with default passwords. These accounts have limited privileges and can access certain system files only. A malicious user with the knowledge of the default passwords may potentially log in to the system and gain read and write access to certain system files."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "Dell EMC Integrated Data Protection Appliance Undocumented Accounts Vulnerability",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2018-11-03T09:57:01",
        "orgId": "c550e75a-17ff-4988-97f0-544cde3820fe",
        "shortName": "dell"
      },
      "references": [
        {
          "name": "20181029 DSA-2018-136: Dell EMC Integrated Data Protection Appliance Undocumented Accounts Vulnerability",
          "tags": [
            "mailing-list",
            "x_refsource_FULLDISC"
          ],
          "url": "https://seclists.org/fulldisclosure/2018/Oct/53"
        },
        {
          "name": "105764",
          "tags": [
            "vdb-entry",
            "x_refsource_BID"
          ],
          "url": "http://www.securityfocus.com/bid/105764"
        }
      ],
      "source": {
        "discovery": "UNKNOWN"
      },
      "title": "Dell EMC Integrated Data Protection Appliance Undocumented Accounts Vulnerability",
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "security_alert@emc.com",
          "DATE_PUBLIC": "2018-10-29T16:00:00.000Z",
          "ID": "CVE-2018-11062",
          "STATE": "PUBLIC",
          "TITLE": "Dell EMC Integrated Data Protection Appliance Undocumented Accounts Vulnerability"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "Integrated Data Protection Appliance",
                      "version": {
                        "version_data": [
                          {
                            "affected": "\u003c",
                            "version_affected": "\u003c",
                            "version_name": "2.X",
                            "version_value": "2.3"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "Dell EMC"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "Integrated Data Protection Appliance versions 2.0, 2.1, and 2.2 contain undocumented accounts named \u0027support\u0027 and \u0027admin\u0027 that are protected with default passwords. These accounts have limited privileges and can access certain system files only. A malicious user with the knowledge of the default passwords may potentially log in to the system and gain read and write access to certain system files."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "Dell EMC Integrated Data Protection Appliance Undocumented Accounts Vulnerability"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "20181029 DSA-2018-136: Dell EMC Integrated Data Protection Appliance Undocumented Accounts Vulnerability",
              "refsource": "FULLDISC",
              "url": "https://seclists.org/fulldisclosure/2018/Oct/53"
            },
            {
              "name": "105764",
              "refsource": "BID",
              "url": "http://www.securityfocus.com/bid/105764"
            }
          ]
        },
        "source": {
          "discovery": "UNKNOWN"
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "c550e75a-17ff-4988-97f0-544cde3820fe",
    "assignerShortName": "dell",
    "cveId": "CVE-2018-11062",
    "datePublished": "2018-11-02T22:00:00Z",
    "dateReserved": "2018-05-14T00:00:00",
    "dateUpdated": "2024-09-16T18:04:27.800Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

Sightings

Author	Source	Type	Date

Nomenclature

Seen: The vulnerability was mentioned, discussed, or observed by the user.
Confirmed: The vulnerability has been validated from an analyst's perspective.
Published Proof of Concept: A public proof of concept is available for this vulnerability.
Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
Not confirmed: The user expressed doubt about the validity of the vulnerability.
Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.

Detection rules are retrieved from Rulezet.

Action not permitted

CNVD-2018-22244

CVE-2018-11062 (GCVE-0-2018-11062)

Tags

Sightings

Nomenclature