Authentication bypass in EMC Unisphere - CVE-2017-14375
Published: November 1, 2017
Vulnerability identifier: #VU9081
CSH Severity: Low
CVSS v4.0: CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear
CVE-ID: CVE-2017-14375
CWE-ID: CWE-284
Exploitation vector: Remote access
Exploit availability:
No public exploit available
Vendor: Dell
Affected software:
EMC Unisphere
EMC Unisphere
Detailed vulnerability description
The vulnerability allows a remote attacker to gain access to the target system.
The weakness exists due to improper access controls. A remote attacker can supply specially crafted AMF messages to the target vApp Manager servlet, bypass authentication and create new user accounts with administrative privileges.
Successful exploitation of the vulnerability may result in system compromise.
The weakness exists due to improper access controls. A remote attacker can supply specially crafted AMF messages to the target vApp Manager servlet, bypass authentication and create new user accounts with administrative privileges.
Successful exploitation of the vulnerability may result in system compromise.
How to mitigate CVE-2017-14375
Update EMC Unisphere to version 8.3.0.10 or 8.4.0.15.