CVE-2015-0529
Severity Score
5.0
*CVSS v2
Exploit Likelihood
*EPSS
Affected Versions
*CPE
Public Exploits
0
*Multiple Sources
Exploited in Wild
-
*KEV
Decision
-
*SSVC
Descriptions
EMC PowerPath Virtual Appliance (aka vApp) before 2.0 has default passwords for the (1) emcupdate and (2) svcuser accounts, which makes it easier for remote attackers to obtain potentially sensitive information via a login session.
EMC PowerPath Virtual Appliance (también conocida como vApp) anterior a 2.0 tiene contraseñas por defecto para las cuentas (1) emcupdate y (2) svcuser, lo que facilita a atacantes remotos obtener información potencialmente sensible a través de una sesión de inicio de sesión.
*Credits:
N/A
CVSS Scores
Attack Vector
Attack Complexity
Authentication
Confidentiality
Integrity
Availability
* Common Vulnerability Scoring System
SSVC
- Decision:-
Exploitation
Automatable
Tech. Impact
* Organization's Worst-case Scenario
Timeline
- 2014-12-17 CVE Reserved
- 2015-04-01 CVE Published
- 2023-03-07 EPSS Updated
- 2024-08-06 CVE Updated
- ---------- Exploited in Wild
- ---------- KEV Due Date
- ---------- First Exploit
CWE
- CWE-255: Credentials Management Errors
CAPEC
References (2)
| URL | Tag | Source |
|---|---|---|
| http://packetstormsecurity.com/files/131250/EMC-PowerPath-Virtual-Appliance-Undocumented-User-Accounts.html | Third Party Advisory |
|
| http://seclists.org/bugtraq/2015/Apr/1 | Mailing List |
|
| URL | Date | SRC |
|---|
| URL | Date | SRC |
|---|
| URL | Date | SRC |
|---|
Affected Vendors, Products, and Versions
| Vendor | Product | Version | Other | Status | ||||||
|---|---|---|---|---|---|---|---|---|---|---|
| Vendor | Product | Version | Other | Status | <-- --> | Vendor | Product | Version | Other | Status |
| Emc Search vendor "Emc" | Powerpath Virtual Appliance Search vendor "Emc" for product "Powerpath Virtual Appliance" | <= 1.2 Search vendor "Emc" for product "Powerpath Virtual Appliance" and version " <= 1.2" | - |
Affected
| ||||||