#VU7122 Authentication bypass in EMC Secure Remote Services - CVE-2017-4986

Cybersecurity Help s.r.o.

Published: 2017-06-20

Vulnerability identifier: #VU7122

Vulnerability risk: Low

CVSSv4.0: 2.7 [CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2017-4986

CWE-ID: CWE-592

Exploitation vector: Network

Exploit availability: No

Vulnerable software:
EMC Secure Remote Services
Web applications / Remote management & hosting panels

Vendor: Dell

Description
The vulnerability allows a remote unauthenticated attacker to bypass authentication on the target system.

The weakness exists due to unsafe authentication mechanism. A remote attacker can bypass authentication and potentially read sensitive log data containing usernames and IP addresses.

Successful exploitation of the vulnerability may result in information disclosure.

Mitigation
Update to version 3.20.

Vulnerable software versions

EMC Secure Remote Services: 3.0 - 3.18

External links
https://www.securityfocus.com/archive/1/540721/30/0/threaded

Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

Latest bulletins with this vulnerability

Authentication bypass in EMC Secure Remote Services