Multiple vulnerabilities in Dell EMC Cloud Tiering Appliance Family



Published: 2022-11-11 | Updated: 2023-03-09
Risk High
Patch available YES
Number of vulnerabilities 27
CVE-ID CVE-2018-18494
CVE-2018-18065
CVE-2018-19477
CVE-2018-19476
CVE-2018-19475
CVE-2018-19409
CVE-2018-18284
CVE-2018-18073
CVE-2018-17961
CVE-2018-17183
CVE-2018-15919
CVE-2018-15473
CVE-2018-10915
CVE-2018-18498
CVE-2018-18493
CVE-2018-18492
CVE-2018-17466
CVE-2018-12405
CVE-2018-12404
CVE-2018-12384
CVE-2018-0495
CVE-2017-7501
CVE-2017-7500
CVE-2018-5407
CVE-2018-0737
CVE-2018-0734
CVE-2016-8610
CWE-ID CWE-264
CWE-476
CWE-843
CWE-20
CWE-94
CWE-200
CWE-388
CWE-89
CWE-190
CWE-120
CWE-416
CWE-119
CWE-300
CWE-59
CWE-208
Exploitation vector Network
Public exploit Public exploit code for vulnerability #7 is available.
Public exploit code for vulnerability #9 is available.
Public exploit code for vulnerability #12 is available.
Public exploit code for vulnerability #19 is available.
Public exploit code for vulnerability #21 is available.
Public exploit code for vulnerability #24 is available.
Vulnerable software
Subscribe
EMC Cloud Tiering Appliance
Other software / Other software solutions

Vendor Dell

Security Bulletin

This security bulletin contains information about 27 vulnerabilities.

1) Same-origin policy bypass

EUVDB-ID: #VU16489

Risk: Low

CVSSv3.1: 5.7 [CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C]

CVE-ID: CVE-2018-18494

CWE-ID: CWE-264 - Permissions, Privileges, and Access Controls

Exploit availability: No

Description

The vulnerability allows a remote attacker to bypass same-origin policy on the target system.

The weakness exists due to an error .when using the Javascript location property. A remote attacker can trick the victim into visiting a specially crafted website and theft cross-origin URL entries to cause a redirection to another site using performance.getEntries()

Mitigation

Install update from vendor's website.

Vulnerable software versions

EMC Cloud Tiering Appliance: before 12.1.0.65

External links

http://www.dell.com/support/kbdoc/en-us/000153852/dsa-2019-050-dell-emc-cloud-tiering-appliance-family-security-update-for-multiple-vulnerabilities-in-embedded-components


Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

2) Null pointer dereference

EUVDB-ID: #VU15322

Risk: Low

CVSSv3.1: 5.7 [CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2018-18065

CWE-ID: CWE-476 - NULL Pointer Dereference

Exploit availability: No

Description

The vulnerability allows a remote authenticated attacker to cause DoS condition on the target system.

The vulnerability exists  in the _set_key() function, as defined in the agent/helpers/table_container.c source code file due to a NULL pointer exception bug. A remote attacker can send a malicious UDP packet, trigger a NULL pointer dereference condition, cause the application to crash.

Mitigation

Install update from vendor's website.

Vulnerable software versions

EMC Cloud Tiering Appliance: before 12.1.0.65

External links

http://www.dell.com/support/kbdoc/en-us/000153852/dsa-2019-050-dell-emc-cloud-tiering-appliance-family-security-update-for-multiple-vulnerabilities-in-embedded-components


Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote authenticated user via the Internet.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

3) Type confusion

EUVDB-ID: #VU16072

Risk: Low

CVSSv3.1: 5.5 [CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:L/E:U/RL:O/RC:C]

CVE-ID: CVE-2018-19477

CWE-ID: CWE-843 - Type confusion

Exploit availability: No

Description

The vulnerability allows a remote attacker to bypass security restrictions on the target system.

The vulnerability exists due to a JBIG2Decode type confusion condition in the psi/zfjbig2.csource code file. A remote unauthenticated attacker can trick the victim into accessing a PostScript file that submits malicious input to bypass the security access restrictions on the targeted system, which could be used to conduct further attacks.

Mitigation

Install update from vendor's website.

Vulnerable software versions

EMC Cloud Tiering Appliance: before 12.1.0.65

External links

http://www.dell.com/support/kbdoc/en-us/000153852/dsa-2019-050-dell-emc-cloud-tiering-appliance-family-security-update-for-multiple-vulnerabilities-in-embedded-components


Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

4) Type confusion

EUVDB-ID: #VU16073

Risk: Low

CVSSv3.1: 5.5 [CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:L/E:U/RL:O/RC:C]

CVE-ID: CVE-2018-19476

CWE-ID: CWE-843 - Type confusion

Exploit availability: No

Description

The vulnerability allows a remote attacker to bypass security restrictions on the target system.

The vulnerability exists due to a setcolorspace type confusion condition in the psi/zicc.c source code file. A remote unauthenticated attacker can trick the victim into accessing a PostScript file that submits malicious input to bypass the security access restrictions on the targeted system, which could be used to conduct further attacks.

Mitigation

Install update from vendor's website.

Vulnerable software versions

EMC Cloud Tiering Appliance: before 12.1.0.65

External links

http://www.dell.com/support/kbdoc/en-us/000153852/dsa-2019-050-dell-emc-cloud-tiering-appliance-family-security-update-for-multiple-vulnerabilities-in-embedded-components


Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

5) Security restrictions bypass

EUVDB-ID: #VU16071

Risk: Low

CVSSv3.1: 5.5 [CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:L/E:U/RL:O/RC:C]

CVE-ID: CVE-2018-19475

CWE-ID: CWE-20 - Improper input validation

Exploit availability: No

Description

The vulnerability allows a remote attacker to bypass security restrictions on the target system.

The vulnerability exists due to the psi/zdevice2.c source code file fails to check available stack space. A remote unauthenticated attacker can trick the victim into accessing a PostScript file that submits malicious input to bypass the security access restrictions on the targeted system, which could be used to conduct further attacks.

Mitigation

Install update from vendor's website.

Vulnerable software versions

EMC Cloud Tiering Appliance: before 12.1.0.65

External links

http://www.dell.com/support/kbdoc/en-us/000153852/dsa-2019-050-dell-emc-cloud-tiering-appliance-family-security-update-for-multiple-vulnerabilities-in-embedded-components


Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

6) Security restrictions bypass

EUVDB-ID: #VU16020

Risk: Low

CVSSv3.1: 4.6 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L/E:U/RL:O/RC:C]

CVE-ID: CVE-2018-19409

CWE-ID: CWE-264 - Permissions, Privileges, and Access Controls

Exploit availability: No

Description

The vulnerability allows a local attacker to bypass security restrictions on the target system.

The vulnerability exists due to improper checks of the LockSafetyParams device parameter if another device is used as the top device. A local attacker can make a .setdevice call and bypass security restrictions If another device, such as the pdf14 compositor, is the top device on the system.

Mitigation

Install update from vendor's website.

Vulnerable software versions

EMC Cloud Tiering Appliance: before 12.1.0.65

External links

http://www.dell.com/support/kbdoc/en-us/000153852/dsa-2019-050-dell-emc-cloud-tiering-appliance-family-security-update-for-multiple-vulnerabilities-in-embedded-components


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

7) Code injection

EUVDB-ID: #VU15463

Risk: High

CVSSv3.1: 7.9 [CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C]

CVE-ID: CVE-2018-18284

CWE-ID: CWE-94 - Improper Control of Generation of Code ('Code Injection')

Exploit availability: No

Description

The vulnerability allows a remote attacker to bypass the sandbox protection mechanism on the target system.

The vulnerability exists due to the failure of the sandbox protection mechanism of the affected software when the 1Policy operator is used. A remote unauthenticated attacker can trick the victim into accessing a PostScript file that submits malicious input, bypass the sandbox protection mechanism and modify or replace error handlers used by the software, which the attacker could use to inject and execute arbitrary code on the system.

Mitigation

Install update from vendor's website.

Vulnerable software versions

EMC Cloud Tiering Appliance: before 12.1.0.65

External links

http://www.dell.com/support/kbdoc/en-us/000153852/dsa-2019-050-dell-emc-cloud-tiering-appliance-family-security-update-for-multiple-vulnerabilities-in-embedded-components


Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability. However, proof of concept for this vulnerability is available.

8) Security restrictions bypass

EUVDB-ID: #VU15748

Risk: Low

CVSSv3.1: 6.4 [CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L/E:U/RL:O/RC:C]

CVE-ID: CVE-2018-18073

CWE-ID: CWE-264 - Permissions, Privileges, and Access Controls

Exploit availability: No

Description

The vulnerability allows a remote attacker to bypass security restrictions on the target system.

The weakness exists due to exposure of system operators in the saved execution stack in an error object. A remote attacker can bypass a sandbox protection mechanism to conduct further attacks.

Mitigation

Install update from vendor's website.

Vulnerable software versions

EMC Cloud Tiering Appliance: before 12.1.0.65

External links

http://www.dell.com/support/kbdoc/en-us/000153852/dsa-2019-050-dell-emc-cloud-tiering-appliance-family-security-update-for-multiple-vulnerabilities-in-embedded-components


Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

9) Code Injection

EUVDB-ID: #VU15376

Risk: High

CVSSv3.1: 7.9 [CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C]

CVE-ID: CVE-2018-17961

CWE-ID: CWE-94 - Improper Control of Generation of Code ('Code Injection')

Exploit availability: No

Description

The vulnerability allows a remote attacker to execute arbitrary code on the target system.

The vulnerability exists due to improper input validation that allows sandbox bypass via error handler setup vectors. A remote attacker can pass a specially crafted PostScript file to the affected application, inject and execute arbitrary code on the target system.

Note: this vulnerability exists due to insufficient patch for previously fixed Code injection vulnerability (CVE-2018-17183).

Mitigation

Install update from vendor's website.

Vulnerable software versions

EMC Cloud Tiering Appliance: before 12.1.0.65

External links

http://www.dell.com/support/kbdoc/en-us/000153852/dsa-2019-050-dell-emc-cloud-tiering-appliance-family-security-update-for-multiple-vulnerabilities-in-embedded-components


Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability. However, proof of concept for this vulnerability is available.

10) Code Injection

EUVDB-ID: #VU15375

Risk: High

CVSSv3.1: 7.7 [CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2018-17183

CWE-ID: CWE-94 - Improper Control of Generation of Code ('Code Injection')

Exploit availability: No

Description

The vulnerability allows a remote attacker to execute arbitrary code on the target system.

The vulnerability exists due to the application allowed a user-writable error exception table. A remote attacker can use a specially crafted PostScript file to overwrite error handlers and inject arbitrary code.

Successful exploitation of this vulnerability may result in complete compromise of vulnerable system.

Mitigation

Install update from vendor's website.

Vulnerable software versions

EMC Cloud Tiering Appliance: before 12.1.0.65

External links

http://www.dell.com/support/kbdoc/en-us/000153852/dsa-2019-050-dell-emc-cloud-tiering-appliance-family-security-update-for-multiple-vulnerabilities-in-embedded-components


Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

11) Information disclosure

EUVDB-ID: #VU14548

Risk: Low

CVSSv3.1: 4.6 [CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N/E:U/RL:O/RC:C]

CVE-ID: CVE-2018-15919

CWE-ID: CWE-200 - Information exposure

Exploit availability: No

Description

The vulnerability allows a remote attacker to obtain potentially sensitive information.

The vulnerability exists due to insufficient validation of an authentication request packet when the Guide Star Server II (GSS2) component is used. A remote attacker can send an authentication request packet and access sensitive information, such as valid usernames.

Mitigation

Install update from vendor's website.

Vulnerable software versions

EMC Cloud Tiering Appliance: before 12.1.0.65

External links

http://www.dell.com/support/kbdoc/en-us/000153852/dsa-2019-050-dell-emc-cloud-tiering-appliance-family-security-update-for-multiple-vulnerabilities-in-embedded-components


Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

12) User enumeration

EUVDB-ID: #VU14440

Risk: Medium

CVSSv3.1: 5.4 [CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:L/I:N/A:N/E:F/RL:O/RC:C]

CVE-ID: CVE-2018-15473

CWE-ID: CWE-388 - Error Handling

Exploit availability: Yes

Description

The vulnerability allows a remote attacker to enumerate all accounts on the system.

The vulnerability exists due to a logical error in auth2-gss.c, auth2-hostbased.c, and auth2-pubkey.c files when processing authentication requests. A remote attacker can send a specially crafted chain of packets and monitor behavior of openssh server to determine presence of a valid username. The server will drop connection upon receiving a malformed authentication packets if the username is valid.

Mitigation

Install update from vendor's website.

Vulnerable software versions

EMC Cloud Tiering Appliance: before 12.1.0.65

External links

http://www.dell.com/support/kbdoc/en-us/000153852/dsa-2019-050-dell-emc-cloud-tiering-appliance-family-security-update-for-multiple-vulnerabilities-in-embedded-components


Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability. However, a fully functional exploit for this vulnerability is available.

13) SQL injection

EUVDB-ID: #VU14326

Risk: Low

CVSSv3.1: 6.4 [CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L/E:U/RL:O/RC:C]

CVE-ID: CVE-2018-10915

CWE-ID: CWE-89 - Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')

Exploit availability: No

Description

The vulnerability allows a remote attacker to execute arbitrary SQL commands in web application database.

The vulnerability exists due to insufficient sanitization of user-supplied data. A remote attacker can send a specially crafted HTTP request to vulnerable script and execute arbitrary SQL commands in web application database.

Successful exploitation of the vulnerability may allow an attacker to gain administrative access to vulnerable web application.

Mitigation

Install update from vendor's website.

Vulnerable software versions

EMC Cloud Tiering Appliance: before 12.1.0.65

External links

http://www.dell.com/support/kbdoc/en-us/000153852/dsa-2019-050-dell-emc-cloud-tiering-appliance-family-security-update-for-multiple-vulnerabilities-in-embedded-components


Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

14) Integer overflow

EUVDB-ID: #VU16493

Risk: Low

CVSSv3.1: 6.5 [CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2018-18498

CWE-ID: CWE-190 - Integer overflow

Exploit availability: No

Description

The vulnerability allows a remote attacker to cause DoS condition on the target system.

The weakness exists due to an integer overflow during buffer size calculations for images. A remote attacker can use a raw value instead of the checked value, trigger out-of-bounds read and cause the service to crash.

Mitigation

Install update from vendor's website.

Vulnerable software versions

EMC Cloud Tiering Appliance: before 12.1.0.65

External links

http://www.dell.com/support/kbdoc/en-us/000153852/dsa-2019-050-dell-emc-cloud-tiering-appliance-family-security-update-for-multiple-vulnerabilities-in-embedded-components


Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

15) Buffer overflow

EUVDB-ID: #VU16448

Risk: High

CVSSv3.1: 8.3 [CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2018-18493

CWE-ID: CWE-120 - Buffer overflow

Exploit availability: No

Description

The vulnerability allows a remote attacker to execute arbitrary code on the target system.

The weakness exists due to boundary error in the Skia library during buffer offset calculations with hardware accelerated canvas 2D actions due to the use of 32-bit calculations instead of 64-bit. A remote attacker can trick the victim into visiting a specially crafted website, trigger memory corruption and execute arbitrary code with elevated privileges.

Successful exploitation of the vulnerability may result in system compromise.

Mitigation

Install update from vendor's website.

Vulnerable software versions

EMC Cloud Tiering Appliance: before 12.1.0.65

External links

http://www.dell.com/support/kbdoc/en-us/000153852/dsa-2019-050-dell-emc-cloud-tiering-appliance-family-security-update-for-multiple-vulnerabilities-in-embedded-components


Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

16) Use-after-free error

EUVDB-ID: #VU16447

Risk: High

CVSSv3.1: 8.3 [CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2018-18492

CWE-ID: CWE-416 - Use After Free

Exploit availability: No

Description

The vulnerability allows a remote attacker to execute arbitrary code on the target system.

The weakness exists due to use-after-free error after deleting a selection element due to a weak reference to the select element in the options collection.. A remote attacker can trick the victim into visiting a specially crafted website, trigger memory corruption and execute arbitrary code with elevated privileges.

Successful exploitation of the vulnerability may result in system compromise.

Mitigation

Install update from vendor's website.

Vulnerable software versions

EMC Cloud Tiering Appliance: before 12.1.0.65

External links

http://www.dell.com/support/kbdoc/en-us/000153852/dsa-2019-050-dell-emc-cloud-tiering-appliance-family-security-update-for-multiple-vulnerabilities-in-embedded-components


Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

17) Memory corruption

EUVDB-ID: #VU15473

Risk: High

CVSSv3.1: 8.3 [CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2018-17466

CWE-ID: CWE-119 - Memory corruption

Exploit availability: No

Description

The vulnerability allows a remote attacker to execute arbitrary code on the target system.

The weakness exists due to boundary error in Angle. A remote attacker can trick the victim into visiting a specially crafted website, trigger memory corruption and execute arbitrary code with elevated privileges.

Successful exploitation on the vulnerability may result in system compromise.

Mitigation

Install update from vendor's website.

Vulnerable software versions

EMC Cloud Tiering Appliance: before 12.1.0.65

External links

http://www.dell.com/support/kbdoc/en-us/000153852/dsa-2019-050-dell-emc-cloud-tiering-appliance-family-security-update-for-multiple-vulnerabilities-in-embedded-components


Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

18) Memory corruption

EUVDB-ID: #VU16495

Risk: High

CVSSv3.1: 8.3 [CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2018-12405

CWE-ID: CWE-119 - Memory corruption

Exploit availability: No

Description

The vulnerability allows a remote attacker to execute arbitrary code on the target system.

The weakness exists due to boundary error when handling malicious input. A remote attacker can trick the victim into visiting a specially crafted website, trigger memory corruption and execute arbitrary code with elevated privileges.

Successful exploitation of the vulnerability may result in system compromise.

Mitigation

Install update from vendor's website.

Vulnerable software versions

EMC Cloud Tiering Appliance: before 12.1.0.65

External links

http://www.dell.com/support/kbdoc/en-us/000153852/dsa-2019-050-dell-emc-cloud-tiering-appliance-family-security-update-for-multiple-vulnerabilities-in-embedded-components


Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

19) Cache Attacks

EUVDB-ID: #VU16219

Risk: Medium

CVSSv3.1: 7.3 [CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:C/C:L/I:L/A:H/E:P/RL:O/RC:C]

CVE-ID: CVE-2018-12404

CWE-ID: CWE-300 - Channel Accessible by Non-Endpoint ('Man-in-the-Middle')

Exploit availability: No

Description

The vulnerability allows a remote attacker to perform a downgrade attack on the server and decrypt private keys on the target system.

The vulnerability exists due to a core weakness in TLS that relates to the handshaking of the session key which is used within the tunnel during parallelisation of thousands of oracle queries that occurs using a cluster of TLS servers which share the same public key certificate. A remote attacker can mount a microarchitectural side channel attack against a vulnerable implementation, obtain a network man-in-the-middle position, obtain the relevant data to sign and trigger the victim server to decrypt ciphertexts chosen by the adversary to perform a downgrade attack.






Mitigation

Install update from vendor's website.

Vulnerable software versions

EMC Cloud Tiering Appliance: before 12.1.0.65

External links

http://www.dell.com/support/kbdoc/en-us/000153852/dsa-2019-050-dell-emc-cloud-tiering-appliance-family-security-update-for-multiple-vulnerabilities-in-embedded-components


Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability. However, proof of concept for this vulnerability is available.

20) Man-in-the-middle attack

EUVDB-ID: #VU15735

Risk: Low

CVSSv3.1: 3.2 [CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:N/E:U/RL:O/RC:C]

CVE-ID: CVE-2018-12384

CWE-ID: CWE-300 - Channel Accessible by Non-Endpoint ('Man-in-the-Middle')

Exploit availability: No

Description

The vulnerability allows a remote attacker to conduct man-in-the-middle attack on the target system.

The weakness exists due to ServerHello.random is all zero when handling a v2-compatible ClientHello. A remote attacker can use man-in-the-middle techniques to conduct passive replay attack and obtain potentially sensitive information.

Mitigation

Install update from vendor's website.

Vulnerable software versions

EMC Cloud Tiering Appliance: before 12.1.0.65

External links

http://www.dell.com/support/kbdoc/en-us/000153852/dsa-2019-050-dell-emc-cloud-tiering-appliance-family-security-update-for-multiple-vulnerabilities-in-embedded-components


Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

21) Memory-cache side-channel attack

EUVDB-ID: #VU13370

Risk: Low

CVSSv3.1: 3 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N/E:P/RL:O/RC:C]

CVE-ID: CVE-2018-0495

CWE-ID: CWE-200 - Information exposure

Exploit availability: Yes

Description

The vulnerability allows a local attacker to obtain potentially sensitive information.

The vulnerability exists due to a leakage of information through memory caches when the affected library uses a private key to create Elliptic Curve Digital Signature Algorithm (ECDSA) signatures.  A local attacker can conduct a memory-cache side-channel attack on ECDSA signatures and recover sensitive information, such as ECDSA private keys, which could be used to conduct further attacks. 

Note: The vulnerability is known as the "Return Of the Hidden Number Problem" or ROHNP.

Mitigation

Install update from vendor's website.

Vulnerable software versions

EMC Cloud Tiering Appliance: before 12.1.0.65

External links

http://www.dell.com/support/kbdoc/en-us/000153852/dsa-2019-050-dell-emc-cloud-tiering-appliance-family-security-update-for-multiple-vulnerabilities-in-embedded-components


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability. However, proof of concept for this vulnerability is available.

22) Link following

EUVDB-ID: #VU31396

Risk: Low

CVSSv3.1: 6.8 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2017-7501

CWE-ID: CWE-59 - Improper Link Resolution Before File Access ('Link Following')

Exploit availability: No

Description

The vulnerability allows a local authenticated user to execute arbitrary code.

It was found that versions of rpm before 4.13.0.2 use temporary files with predictable names when installing an RPM. An attacker with ability to write in a directory where files will be installed could create symbolic links to an arbitrary location and modify content, and possibly permissions to arbitrary files, which could be used for denial of service or possibly privilege escalation.

Mitigation

Install update from vendor's website.

Vulnerable software versions

EMC Cloud Tiering Appliance: before 12.1.0.65

External links

http://www.dell.com/support/kbdoc/en-us/000153852/dsa-2019-050-dell-emc-cloud-tiering-appliance-family-security-update-for-multiple-vulnerabilities-in-embedded-components


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

23) Link following

EUVDB-ID: #VU31245

Risk: Low

CVSSv3.1: 6.8 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2017-7500

CWE-ID: CWE-59 - Improper Link Resolution Before File Access ('Link Following')

Exploit availability: No

Description

The vulnerability allows a local authenticated user to execute arbitrary code.

It was found that rpm did not properly handle RPM installations when a destination path was a symbolic link to a directory, possibly changing ownership and permissions of an arbitrary directory, and RPM files being placed in an arbitrary destination. An attacker, with write access to a directory in which a subdirectory will be installed, could redirect that directory to an arbitrary location and gain root privilege.

Mitigation

Install update from vendor's website.

Vulnerable software versions

EMC Cloud Tiering Appliance: before 12.1.0.65

External links

http://www.dell.com/support/kbdoc/en-us/000153852/dsa-2019-050-dell-emc-cloud-tiering-appliance-family-security-update-for-multiple-vulnerabilities-in-embedded-components


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

24) Side-channel attack

EUVDB-ID: #VU15723

Risk: Low

CVSSv3.1: 4.2 [CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N/E:P/RL:O/RC:C]

CVE-ID: CVE-2018-5407

CWE-ID: CWE-208 - Information Exposure Through Timing Discrepancy

Exploit availability: Yes

Description

The vulnerability allows a physical attacker to obtain potentially sensitive information.

The vulnerability exists due to due to execution of engine sharing on SMT (e.g.Hyper-Threading) architectures when improper handling of information by the processor. A physical attacker can construct a timing side channel to hijack information from processes that are running in the same core.

Note: the vulnerability has been dubbed as PortSmash microarchitecture bug.

Mitigation

Install update from vendor's website.

Vulnerable software versions

EMC Cloud Tiering Appliance: before 12.1.0.65

External links

http://www.dell.com/support/kbdoc/en-us/000153852/dsa-2019-050-dell-emc-cloud-tiering-appliance-family-security-update-for-multiple-vulnerabilities-in-embedded-components


Q & A

Can this vulnerability be exploited remotely?

No. The attacker should have physical access to the system in order to successfully exploit this vulnerability.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability. However, proof of concept for this vulnerability is available.

25) Information disclosure

EUVDB-ID: #VU11854

Risk: Low

CVSSv3.1: 2.9 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N/E:U/RL:O/RC:C]

CVE-ID: CVE-2018-0737

CWE-ID: CWE-200 - Information exposure

Exploit availability: No

Description

The vulnerability allows a local attacker to obtain potentially sensitive information on the target system.

The weakness exists in the RSA key generation algorithm's BN_mod_inverse() and BN_mod_exp_mont() functions due to a cache timing side channel attack. A local attacker can recover the private key.

Mitigation

Install update from vendor's website.

Vulnerable software versions

EMC Cloud Tiering Appliance: before 12.1.0.65

External links

http://www.dell.com/support/kbdoc/en-us/000153852/dsa-2019-050-dell-emc-cloud-tiering-appliance-family-security-update-for-multiple-vulnerabilities-in-embedded-components


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

26) Information disclosure

EUVDB-ID: #VU15668

Risk: Low

CVSSv3.1: 4.8 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C]

CVE-ID: CVE-2018-0734

CWE-ID: CWE-200 - Information exposure

Exploit availability: No

Description

The vulnerability allows a local attacker to obtain potentially sensitive information.

The vulnerability exists due to unspecified flaw in Digital Signature Algorithm (DSA). A local attacker can conduct a timing side-channel attack and recover the private key, which could be used to conduct further attacks.

Mitigation

Install update from vendor's website.

Vulnerable software versions

EMC Cloud Tiering Appliance: before 12.1.0.65

External links

http://www.dell.com/support/kbdoc/en-us/000153852/dsa-2019-050-dell-emc-cloud-tiering-appliance-family-security-update-for-multiple-vulnerabilities-in-embedded-components


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

27) Denial of service

EUVDB-ID: #VU1083

Risk: Low

CVSSv3.1: 6.5 [CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2016-8610

CWE-ID: CWE-388 - Error Handling

Exploit availability: No

Description

The vulnerability allows a remote unauthenticated user to exhaust memory on the target system.
The weakness is due to improper handling of certain packets by the ssl3_read_bytes() function in 'ssl/s3_pkt.c.
By sending a flood of SSL3_AL_WARNING alerts during the SSL handshake, a remote attacker can consume excessive CPU resources that may lead to OpenSSL library being unavailable.
Successful exploitation of the vulnerability results in denial of service on the vulnerable system.

Mitigation

Install update from vendor's website.

Vulnerable software versions

EMC Cloud Tiering Appliance: before 12.1.0.65

External links

http://www.dell.com/support/kbdoc/en-us/000153852/dsa-2019-050-dell-emc-cloud-tiering-appliance-family-security-update-for-multiple-vulnerabilities-in-embedded-components


Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.



###SIDEBAR###