Authentication bypass in EMC Unisphere
| Risk | Low |
| Patch available | YES |
| Number of vulnerabilities | 1 |
| CVE-ID | CVE-2017-14375 |
| CWE-ID | CWE-284 |
| Exploitation vector | Network |
| Public exploit | N/A |
| Vulnerable software Subscribe |
EMC Unisphere Server applications / Other server solutions |
| Vendor | Dell |
Security Bulletin
This security bulletin contains one low risk vulnerability.
1) Authentication bypass
EUVDB-ID: #VU9081
Risk: Low
CVSSv3.1: 8.5 [CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2017-14375
CWE-ID:
CWE-284 - Improper Access Control
Exploit availability: No
DescriptionThe vulnerability allows a remote attacker to gain access to the target system.
The weakness exists due to improper access controls. A remote attacker can supply specially crafted AMF messages to the target vApp Manager servlet, bypass authentication and create new user accounts with administrative privileges.
Successful exploitation of the vulnerability may result in system compromise.
Update EMC Unisphere to version 8.3.0.10 or 8.4.0.15.
Vulnerable software versionsEMC Unisphere: 8.0.0 - 8.4
External linkshttp://seclists.org/fulldisclosure/2017/Oct/70
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
