Authentication bypass in EMC Secure Remote Services
| Risk | Low |
| Patch available | YES |
| Number of vulnerabilities | 1 |
| CVE-ID | CVE-2017-4986 |
| CWE-ID | CWE-592 |
| Exploitation vector | Network |
| Public exploit | N/A |
| Vulnerable software |
EMC Secure Remote Services Web applications / Remote management & hosting panels |
| Vendor | Dell |
Security Bulletin
This security bulletin contains one low risk vulnerability.
1) Authentication bypass
EUVDB-ID: #VU7122
Risk: Low
CVSSv4.0: 2.7 [CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2017-4986
CWE-ID:
CWE-592 - Authentication Bypass Issues
Exploit availability: No
DescriptionThe vulnerability allows a remote unauthenticated attacker to bypass authentication on the target system.
The weakness exists due to unsafe authentication mechanism. A remote attacker can bypass authentication and potentially read sensitive log data containing usernames and IP addresses.
Successful exploitation of the vulnerability may result in information disclosure.
Update to version 3.20.
Vulnerable software versionsEMC Secure Remote Services: 3.0 - 3.18
CPE2.3- cpe:2.3:a:dell:emc_secure_remote_services:3.0:*:*:*:*:*:*:*
- cpe:2.3:a:dell:emc_secure_remote_services:3.02:*:*:*:*:*:*:*
- cpe:2.3:a:dell:emc_secure_remote_services:3.03:*:*:*:*:*:*:*
https://www.securityfocus.com/archive/1/540721/30/0/threaded
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
