#VU7122 Authentication bypass in EMC Secure Remote Services - CVE-2017-4986
Published: June 20, 2017
Vulnerability identifier: #VU7122
Vulnerability risk: Low
CVSSv4.0: CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N/E:U/U:Clear
CVE-ID: CVE-2017-4986
CWE-ID: CWE-592
Exploitation vector: Remote access
Exploit availability:
No public exploit available
Vulnerable software:
EMC Secure Remote Services
EMC Secure Remote Services
Software vendor:
Dell
Dell
Description
The vulnerability allows a remote unauthenticated attacker to bypass authentication on the target system.
The weakness exists due to unsafe authentication mechanism. A remote attacker can bypass authentication and potentially read sensitive log data containing usernames and IP addresses.
Successful exploitation of the vulnerability may result in information disclosure.
The weakness exists due to unsafe authentication mechanism. A remote attacker can bypass authentication and potentially read sensitive log data containing usernames and IP addresses.
Successful exploitation of the vulnerability may result in information disclosure.
Remediation
Update to version 3.20.