Main Vulnerability Database Vulnerabilities #VU758

Arbitrary code execution in Solutions Enabler Virtual Appliance and VMAX Virtual Appliance Manager - CVE-2016-6646

Published: October 4, 2016 / Updated: October 5, 2016

Vulnerability identifier: #VU758

CSH Severity: High

CVSS v4.0: CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Amber

CVE-ID: CVE-2016-6646

CWE-ID: CWE-20

Exploitation vector: Remote access

Exploit availability: No public exploit available

Vendor: Dell

Affected software:
Solutions Enabler Virtual Appliance
VMAX Virtual Appliance Manager

Detailed vulnerability description

The vulnerability allows a remote user to cause arbitrary code execution on the target system.
The weakness is caused by insufficient input validation. By uploading specially crafted data to the GetSymmCmdRequest or RemoteServiceHandler class atackers can execute arbitary code.
Successful exploitation of the vulnerability results in arbitrary code execution on the vulnerable system.

How to mitigate CVE-2016-6646

Update to version 8.3.0.

Sources

http://seclists.org/bugtraq/2016/Oct/7

Arbitrary code execution in Solutions Enabler Virtual Appliance and VMAX Virtual Appliance Manager - CVE-2016-6646

Detailed vulnerability description

How to mitigate CVE-2016-6646

Sources

Please verify you're human