CVE-2018-1215
Severity Score
Exploit Likelihood
Affected Versions
Public Exploits
0Exploited in Wild
-Decision
Descriptions
An arbitrary file upload vulnerability was discovered in vApp Manager which is embedded in Dell EMC Unisphere for VMAX, Dell EMC Solutions Enabler, Dell EMC VASA Virtual Appliances, and Dell EMC VMAX Embedded Management (eManagement): Dell EMC Unisphere for VMAX Virtual Appliance versions prior to 8.4.0.18, Dell EMC Solutions Enabler Virtual Appliance versions prior to 8.4.0.21, Dell EMC VASA Virtual Appliance versions prior to 8.4.0.514, and Dell EMC VMAX Embedded Management (eManagement) versions prior to and including 1.4 (Enginuity Release 5977.1125.1125 and earlier). A remote authenticated malicious user may potentially upload arbitrary maliciously crafted files in any location on the web server. By chaining this vulnerability with CVE-2018-1216, the attacker may use the default account to exploit this vulnerability.
Se ha descubierto una vulnerabilidad de subida de archivos arbitrarios en vApp Manager que está embebido en Dell EMC Unisphere para VMAX, Dell EMC Solutions Enabler, Dell EMC VASA Virtual Appliances y Dell EMC VMAX Embedded Management (eManagement): Dell EMC Unisphere para VMAX Virtual Appliance en versiones anteriores a la 8.4.0.18, Dell EMC Solutions Enabler Virtual Appliance en versiones anteriores a la 8.4.0.21, Dell EMC VASA Virtual Appliance en versiones anteriores a la 8.4.0.514, y Dell EMC VMAX Embedded Management (eManagement) en su versión 1.4 y anteriores (Enginuity Release 5977.1125.1125 y anteriores). Un usuario remoto malicioso podría cargar archivos arbitrarios maliciosamente manipulados en cualquier ubicación del servidor web. Encadenando esta vulnerabilidad con CVE-2018-1216, el atacante podría utilizar la cuenta por defecto para explotar esta vulnerabilidad.
CVSS Scores
SSVC
- Decision:-
Timeline
- 2017-12-06 CVE Reserved
- 2018-02-13 CVE Published
- 2023-07-30 EPSS Updated
- 2024-08-05 CVE Updated
- ---------- Exploited in Wild
- ---------- KEV Due Date
- ---------- First Exploit
CWE
- CWE-434: Unrestricted Upload of File with Dangerous Type
CAPEC
References (4)
| URL | Tag | Source |
|---|---|---|
| http://seclists.org/fulldisclosure/2018/Feb/41 | Mailing List |
|
| http://www.securityfocus.com/bid/103039 | Third Party Advisory | |
| http://www.securitytracker.com/id/1040383 | Third Party Advisory | |
| https://www.tenable.com/security/research/tra-2018-03 | Third Party Advisory |
| URL | Date | SRC |
|---|
| URL | Date | SRC |
|---|
| URL | Date | SRC |
|---|
Affected Vendors, Products, and Versions
| Vendor | Product | Version | Other | Status | ||||||
|---|---|---|---|---|---|---|---|---|---|---|
| Vendor | Product | Version | Other | Status | <-- --> | Vendor | Product | Version | Other | Status |
| Dell Search vendor "Dell" | Emc Solutions Enabler Virtual Appliance Search vendor "Dell" for product "Emc Solutions Enabler Virtual Appliance" | < 8.4.0.21 Search vendor "Dell" for product "Emc Solutions Enabler Virtual Appliance" and version " < 8.4.0.21" | - |
Affected
| ||||||
| Dell Search vendor "Dell" | Emc Unisphere For Vmax Virtual Appliance Search vendor "Dell" for product "Emc Unisphere For Vmax Virtual Appliance" | < 8.4.0.18 Search vendor "Dell" for product "Emc Unisphere For Vmax Virtual Appliance" and version " < 8.4.0.18" | - |
Affected
| ||||||
| Dell Search vendor "Dell" | Emc Vasa Virtual Appliance Search vendor "Dell" for product "Emc Vasa Virtual Appliance" | < 8.4.0.514 Search vendor "Dell" for product "Emc Vasa Virtual Appliance" and version " < 8.4.0.514" | - |
Affected
| ||||||
| Dell Search vendor "Dell" | Emc Vmax Embedded Management Search vendor "Dell" for product "Emc Vmax Embedded Management" | <= 1.4 Search vendor "Dell" for product "Emc Vmax Embedded Management" and version " <= 1.4" | - |
Affected
| ||||||