CVE-2018-1216
Severity Score
Exploit Likelihood
Affected Versions
Public Exploits
0Exploited in Wild
-Decision
Descriptions
A hard-coded password vulnerability was discovered in vApp Manager which is embedded in Dell EMC Unisphere for VMAX, Dell EMC Solutions Enabler, Dell EMC VASA Virtual Appliances, and Dell EMC VMAX Embedded Management (eManagement): Dell EMC Unisphere for VMAX Virtual Appliance versions prior to 8.4.0.18, Dell EMC Solutions Enabler Virtual Appliance versions prior to 8.4.0.21, Dell EMC VASA Virtual Appliance versions prior to 8.4.0.514, and Dell EMC VMAX Embedded Management (eManagement) versions prior to and including 1.4 (Enginuity Release 5977.1125.1125 and earlier). They contain an undocumented default account (smc) with a hard-coded password that may be used with certain web servlets. A remote attacker with the knowledge of the hard-coded password and the message format may use vulnerable servlets to gain unauthorized access to the system. Note: This account cannot be used to log in via the web user interface.
Se ha descubierto una vulnerabilidad de contraseña embebida en vApp Manager que está embebido en Dell EMC Unisphere para VMAX, Dell EMC Solutions Enabler, Dell EMC VASA Virtual Appliances y Dell EMC VMAX Embedded Management (eManagement): Dell EMC Unisphere para VMAX Virtual Appliance en versiones anteriores a la 8.4.0.18, Dell EMC Solutions Enabler Virtual Appliance en versiones anteriores a la 8.4.0.21, Dell EMC VASA Virtual Appliance en versiones anteriores a la 8.4.0.514, y Dell EMC VMAX Embedded Management (eManagement) en su versión 1.4 y anteriores (Enginuity Release 5977.1125.1125 y anteriores). Contienen una cuenta por defecto (smc) no documentada con una contraseña embebida que se podría utilizar con determinados servlets web. Un atacante remoto que conozca la contraseña embebida y el formato del mensaje podría utilizar los servlets vulnerables para obtener acceso no autorizado al sistema. Nota: esta cuenta no se puede utilizar para iniciar sesión mediante la interfaz de usuario web.
CVSS Scores
SSVC
- Decision:-
Timeline
- 2017-12-06 CVE Reserved
- 2018-02-13 CVE Published
- 2023-12-22 EPSS Updated
- 2024-08-05 CVE Updated
- ---------- Exploited in Wild
- ---------- KEV Due Date
- ---------- First Exploit
CWE
- CWE-798: Use of Hard-coded Credentials
CAPEC
References (4)
| URL | Tag | Source |
|---|---|---|
| http://seclists.org/fulldisclosure/2018/Feb/41 | Mailing List |
|
| http://www.securityfocus.com/bid/103039 | Third Party Advisory | |
| http://www.securitytracker.com/id/1040383 | Third Party Advisory | |
| https://www.tenable.com/security/research/tra-2018-03 | Third Party Advisory |
| URL | Date | SRC |
|---|
| URL | Date | SRC |
|---|
| URL | Date | SRC |
|---|
Affected Vendors, Products, and Versions
| Vendor | Product | Version | Other | Status | ||||||
|---|---|---|---|---|---|---|---|---|---|---|
| Vendor | Product | Version | Other | Status | <-- --> | Vendor | Product | Version | Other | Status |
| Dell Search vendor "Dell" | Emc Solutions Enabler Virtual Appliance Search vendor "Dell" for product "Emc Solutions Enabler Virtual Appliance" | < 8.4.0.21 Search vendor "Dell" for product "Emc Solutions Enabler Virtual Appliance" and version " < 8.4.0.21" | - |
Affected
| ||||||
| Dell Search vendor "Dell" | Emc Unisphere For Vmax Virtual Appliance Search vendor "Dell" for product "Emc Unisphere For Vmax Virtual Appliance" | < 8.4.0.18 Search vendor "Dell" for product "Emc Unisphere For Vmax Virtual Appliance" and version " < 8.4.0.18" | - |
Affected
| ||||||
| Dell Search vendor "Dell" | Emc Vasa Virtual Appliance Search vendor "Dell" for product "Emc Vasa Virtual Appliance" | < 8.4.0.514 Search vendor "Dell" for product "Emc Vasa Virtual Appliance" and version " < 8.4.0.514" | - |
Affected
| ||||||
| Dell Search vendor "Dell" | Emc Vmax Embedded Management Search vendor "Dell" for product "Emc Vmax Embedded Management" | <= 1.4 Search vendor "Dell" for product "Emc Vmax Embedded Management" and version " <= 1.4" | - |
Affected
| ||||||