← Zuruck zu CVEs

CVE-2017-8011

CRITICAL

9.8

Beschreibung

EMC ViPR SRM, EMC Storage M&R, EMC VNX M&R, EMC M&R for SAS Solution Packs (EMC ViPR SRM prior to 4.1, EMC Storage M&R prior to 4.1, EMC VNX M&R all versions, EMC M&R (Watch4Net) for SAS Solution Packs all versions) contain undocumented accounts with default passwords for Webservice Gateway and RMI JMX components. A remote attacker with the knowledge of the default password may potentially use these accounts to run arbitrary web service and remote procedure calls on the affected system.

CVE Details

CVSS v3.1 Bewertung9.8

SchweregradCRITICAL

CVSS VektorCVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

AngriffsvektorNETWORK

KomplexitatLOW

Erforderliche PrivilegienNONE

BenutzerinteraktionNONE

Veroffentlicht7/17/2017

Zuletzt geandert4/20/2025

Quellenvd

Honeypot-Sichtungen0

Betroffene Produkte

dell:emc_m\&rdell:emc_storage_monitoring_and_reportingdell:emc_vipr_srmdell:emc_vnx_monitoring_and_reporting

Schwachen (CWE)

CWE-798

Referenzen

http://seclists.org/fulldisclosure/2017/Jul/21(security_alert@emc.com)

http://www.securityfocus.com/bid/99555(security_alert@emc.com)

http://www.securitytracker.com/id/1038905(security_alert@emc.com)

http://seclists.org/fulldisclosure/2017/Jul/21(af854a3a-2127-422b-91ae-364da2661108)

http://www.securityfocus.com/bid/99555(af854a3a-2127-422b-91ae-364da2661108)

http://www.securitytracker.com/id/1038905(af854a3a-2127-422b-91ae-364da2661108)

IOC Korrelationen

Keine Korrelationen erfasst

This product uses data from the NVD API but is not endorsed or certified by the NVD.