Authentication bypass in EMC Secure Remote Services - CVE-2017-4986
Published: June 20, 2017
Vulnerability identifier: #VU7122
CSH Severity: Low
CVSS v4.0: CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N/E:U/U:Clear
CVE-ID: CVE-2017-4986
CWE-ID: CWE-592
Exploitation vector: Remote access
Exploit availability:
No public exploit available
Vendor: Dell
Affected software:
EMC Secure Remote Services
EMC Secure Remote Services
Detailed vulnerability description
The vulnerability allows a remote unauthenticated attacker to bypass authentication on the target system.
The weakness exists due to unsafe authentication mechanism. A remote attacker can bypass authentication and potentially read sensitive log data containing usernames and IP addresses.
Successful exploitation of the vulnerability may result in information disclosure.
The weakness exists due to unsafe authentication mechanism. A remote attacker can bypass authentication and potentially read sensitive log data containing usernames and IP addresses.
Successful exploitation of the vulnerability may result in information disclosure.
How to mitigate CVE-2017-4986
Update to version 3.20.