CVE-2017-8011

EMC ViPR SRM, EMC Storage M&R, EMC VNX M&R, EMC M&R for SAS Solution Packs (EMC ViPR SRM prior to 4.1, EMC Storage M&R prior to 4.1, EMC VNX M&R all versions, EMC M&R (Watch4Net) for SAS Solution Packs all versions) contain undocumented accounts with default passwords for Webservice Gateway and RMI JMX components. A remote attacker with the knowledge of the default password may potentially use these accounts to run arbitrary web service and remote procedure calls on the affected system.
References
Link Resource
http://seclists.org/fulldisclosure/2017/Jul/21 Mailing List Third Party Advisory
http://www.securityfocus.com/bid/99555 Third Party Advisory VDB Entry
http://www.securitytracker.com/id/1038905 Third Party Advisory VDB Entry
Configurations

Configuration 1 (hide)

OR cpe:2.3:a:dell:emc_m\&r:-:*:*:*:*:*:*:*
cpe:2.3:a:dell:emc_storage_monitoring_and_reporting:4.0.2:*:*:*:*:*:*:*
cpe:2.3:a:dell:emc_vipr_srm:*:*:*:*:*:*:*:*
cpe:2.3:a:dell:emc_vnx_monitoring_and_reporting:-:*:*:*:*:*:*:*

History

No history.

Information

Published : 2017-07-17 14:29

Updated : 2024-02-28 16:04


NVD link : CVE-2017-8011

Mitre link : CVE-2017-8011

CVE.ORG link : CVE-2017-8011


JSON object : View

Products Affected

dell

  • emc_vipr_srm
  • emc_vnx_monitoring_and_reporting
  • emc_m\&r
  • emc_storage_monitoring_and_reporting
CWE
CWE-798

Use of Hard-coded Credentials