Patch/Configuration Management, Vulnerability Management

Dell EMC issues patches for two remote access vulnerabilities

Dell EMC issued an advisories and updates for a pair of vulnerabilities found in the company's Dell EMC VMAX Virtual Appliance (vApp) Manager.

The issues, which were posted to Seclists.org on February 14, are recorded as CVE-2018-1215 and CVE-2018-1216 and when used together can allow an attacker to compromise a system. The vApp manager is embedded in Dell EMC Unisphere for VMAX Virtual Appliance versions prior to 8.4.0.18, Dell EMC Solutions Enabler Virtual Appliance versions prior to 8.4.0.21, Dell EMC VASA Virtual Appliance versions prior to 8.4.0.514 and Dell EMC VMAX Embedded Management (eManagement) versions prior to and including 1.4.

CVE-2018-1215 is an arbitrary file upload vulnerability that if exploited would allow a threat actor to upload malicious crafted files.

CVE-2018-1216 is a hard-coded password problem that contains an undocumented default account contains a hard-coded password that a remote attacker who knows this password and the proper message format may use vulnerable servlets to gain access to a system.

Dell has issued updates that fix the vulnerabilities and the company is encouraging anyone running this software to immediately apply the patch.

Get daily email updates

SC Media's daily must-read of the most current and pressing daily news

By clicking the Subscribe button below, you agree to SC Media Terms of Use and Privacy Policy.

You can skip this ad in 5 seconds