#VU9081 Authentication bypass in EMC Unisphere - CVE-2017-14375
Published: November 1, 2017
Vulnerability identifier: #VU9081
Vulnerability risk: Low
CVSSv4.0: CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear
CVE-ID: CVE-2017-14375
CWE-ID: CWE-284
Exploitation vector: Remote access
Exploit availability:
No public exploit available
Vulnerable software:
EMC Unisphere
EMC Unisphere
Software vendor:
Dell
Dell
Description
The vulnerability allows a remote attacker to gain access to the target system.
The weakness exists due to improper access controls. A remote attacker can supply specially crafted AMF messages to the target vApp Manager servlet, bypass authentication and create new user accounts with administrative privileges.
Successful exploitation of the vulnerability may result in system compromise.
The weakness exists due to improper access controls. A remote attacker can supply specially crafted AMF messages to the target vApp Manager servlet, bypass authentication and create new user accounts with administrative privileges.
Successful exploitation of the vulnerability may result in system compromise.
Remediation
Update EMC Unisphere to version 8.3.0.10 or 8.4.0.15.