Security restrictions bypass in EMC ESRS Policy Manager - CVE-2017-4976
Published: July 10, 2017
Vulnerability identifier: #VU7392
CSH Severity: Medium
CVSS v4.0: CVSS:4.0/AV:A/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Green
CVE-ID: CVE-2017-4976
CWE-ID: CWE-264
Exploitation vector: Adjacent network
Exploit availability:
No public exploit available
Vendor: Dell
Affected software:
EMC ESRS Policy Manager
Detailed vulnerability description
The vulnerability allows an adjacent attacker to bypass security restrictions.
The weakness exists due to the use of a default password by an undocumented account ('OpenDS admin'). A remote attacker with knowledge of the default password may log in to the system and gain administrator privileges on the local LDAP directory server.
Successful exploitation of the vulnerability results in full access to the affected system.
How to mitigate CVE-2017-4976
Update to version 6.8.