{"containers": {"cna": {"affected": [{"product": "vApp Manager which is embedded in Dell EMC Unisphere for VMAX, Dell EMC Solutions Enabler, Dell EMC VASA Virtual Appliances, and Dell EMC VMAX Embedded Management (eManagement)", "vendor": "n/a", "versions": [{"status": "affected", "version": "vApp Manager which is embedded in Dell EMC Unisphere for VMAX, Dell EMC Solutions Enabler, Dell EMC VASA Virtual Appliances, and Dell EMC VMAX Embedded Management (eManagement)"}]}], "datePublic": "2018-03-08T00:00:00", "descriptions": [{"lang": "en", "value": "A hard-coded password vulnerability was discovered in vApp Manager which is embedded in Dell EMC Unisphere for VMAX, Dell EMC Solutions Enabler, Dell EMC VASA Virtual Appliances, and Dell EMC VMAX Embedded Management (eManagement): Dell EMC Unisphere for VMAX Virtual Appliance versions prior to 8.4.0.18, Dell EMC Solutions Enabler Virtual Appliance versions prior to 8.4.0.21, Dell EMC VASA Virtual Appliance versions prior to 8.4.0.514, and Dell EMC VMAX Embedded Management (eManagement) versions prior to and including 1.4 (Enginuity Release 5977.1125.1125 and earlier). They contain an undocumented default account (smc) with a hard-coded password that may be used with certain web servlets. A remote attacker with the knowledge of the hard-coded password and the message format may use vulnerable servlets to gain unauthorized access to the system. Note: This account cannot be used to log in via the web user interface."}], "problemTypes": [{"descriptions": [{"description": "Hard-coded password vulnerability", "lang": "en", "type": "text"}]}], "providerMetadata": {"dateUpdated": "2018-03-09T10:57:01", "orgId": "c550e75a-17ff-4988-97f0-544cde3820fe", "shortName": "dell"}, "references": [{"name": "103039", "tags": ["vdb-entry", "x_refsource_BID"], "url": "http://www.securityfocus.com/bid/103039"}, {"tags": ["x_refsource_MISC"], "url": "https://www.tenable.com/security/research/tra-2018-03"}, {"name": "1040383", "tags": ["vdb-entry", "x_refsource_SECTRACK"], "url": "http://www.securitytracker.com/id/1040383"}, {"tags": ["x_refsource_CONFIRM"], "url": "http://seclists.org/fulldisclosure/2018/Feb/41"}], "x_legacyV4Record": {"CVE_data_meta": {"ASSIGNER": "security_alert@emc.com", "ID": "CVE-2018-1216", "STATE": "PUBLIC"}, "affects": {"vendor": {"vendor_data": [{"product": {"product_data": [{"product_name": "vApp Manager which is embedded in Dell EMC Unisphere for VMAX, Dell EMC Solutions Enabler, Dell EMC VASA Virtual Appliances, and Dell EMC VMAX Embedded Management (eManagement)", "version": {"version_data": [{"version_value": "vApp Manager which is embedded in Dell EMC Unisphere for VMAX, Dell EMC Solutions Enabler, Dell EMC VASA Virtual Appliances, and Dell EMC VMAX Embedded Management (eManagement)"}]}}]}, "vendor_name": "n/a"}]}}, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": {"description_data": [{"lang": "eng", "value": "A hard-coded password vulnerability was discovered in vApp Manager which is embedded in Dell EMC Unisphere for VMAX, Dell EMC Solutions Enabler, Dell EMC VASA Virtual Appliances, and Dell EMC VMAX Embedded Management (eManagement): Dell EMC Unisphere for VMAX Virtual Appliance versions prior to 8.4.0.18, Dell EMC Solutions Enabler Virtual Appliance versions prior to 8.4.0.21, Dell EMC VASA Virtual Appliance versions prior to 8.4.0.514, and Dell EMC VMAX Embedded Management (eManagement) versions prior to and including 1.4 (Enginuity Release 5977.1125.1125 and earlier). They contain an undocumented default account (smc) with a hard-coded password that may be used with certain web servlets. A remote attacker with the knowledge of the hard-coded password and the message format may use vulnerable servlets to gain unauthorized access to the system. Note: This account cannot be used to log in via the web user interface."}]}, "problemtype": {"problemtype_data": [{"description": [{"lang": "eng", "value": "Hard-coded password vulnerability"}]}]}, "references": {"reference_data": [{"name": "103039", "refsource": "BID", "url": "http://www.securityfocus.com/bid/103039"}, {"name": "https://www.tenable.com/security/research/tra-2018-03", "refsource": "MISC", "url": "https://www.tenable.com/security/research/tra-2018-03"}, {"name": "1040383", "refsource": "SECTRACK", "url": "http://www.securitytracker.com/id/1040383"}, {"name": "http://seclists.org/fulldisclosure/2018/Feb/41", "refsource": "CONFIRM", "url": "http://seclists.org/fulldisclosure/2018/Feb/41"}]}}}, "adp": [{"providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-05T03:51:49.053Z"}, "title": "CVE Program Container", "references": [{"name": "103039", "tags": ["vdb-entry", "x_refsource_BID", "x_transferred"], "url": "http://www.securityfocus.com/bid/103039"}, {"tags": ["x_refsource_MISC", "x_transferred"], "url": "https://www.tenable.com/security/research/tra-2018-03"}, {"name": "1040383", "tags": ["vdb-entry", "x_refsource_SECTRACK", "x_transferred"], "url": "http://www.securitytracker.com/id/1040383"}, {"tags": ["x_refsource_CONFIRM", "x_transferred"], "url": "http://seclists.org/fulldisclosure/2018/Feb/41"}]}]}, "cveMetadata": {"assignerOrgId": "c550e75a-17ff-4988-97f0-544cde3820fe", "assignerShortName": "dell", "cveId": "CVE-2018-1216", "datePublished": "2018-03-08T15:00:00", "dateReserved": "2017-12-06T00:00:00", "dateUpdated": "2024-08-05T03:51:49.053Z", "state": "PUBLISHED"}, "dataType": "CVE_RECORD", "dataVersion": "5.1"}

{}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:dell:emc_solutions_enabler_virtual_appliance:*:*:*:*:*:*:*:*", "matchCriteriaId": "3C11BA54-7DB1-4779-BAE3-C9F29763B90C", "versionEndExcluding": "8.4.0.21", "vulnerable": true}, {"criteria": "cpe:2.3:a:dell:emc_unisphere_for_vmax_virtual_appliance:*:*:*:*:*:*:*:*", "matchCriteriaId": "C6E1AAB2-8E4F-4D3C-85C7-F890CFF6EEB1", "versionEndExcluding": "8.4.0.18", "vulnerable": true}, {"criteria": "cpe:2.3:a:dell:emc_vasa_virtual_appliance:*:*:*:*:*:*:*:*", "matchCriteriaId": "D472B8F3-5E22-4891-8D15-AE214EC02757", "versionEndExcluding": "8.4.0.514", "vulnerable": true}, {"criteria": "cpe:2.3:a:dell:emc_vmax_embedded_management:*:*:*:*:*:*:*:*", "matchCriteriaId": "88B35B48-28AF-4BA4-B819-C737384FA089", "versionEndIncluding": "1.4", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "cveTags": [], "descriptions": [{"lang": "en", "value": "A hard-coded password vulnerability was discovered in vApp Manager which is embedded in Dell EMC Unisphere for VMAX, Dell EMC Solutions Enabler, Dell EMC VASA Virtual Appliances, and Dell EMC VMAX Embedded Management (eManagement): Dell EMC Unisphere for VMAX Virtual Appliance versions prior to 8.4.0.18, Dell EMC Solutions Enabler Virtual Appliance versions prior to 8.4.0.21, Dell EMC VASA Virtual Appliance versions prior to 8.4.0.514, and Dell EMC VMAX Embedded Management (eManagement) versions prior to and including 1.4 (Enginuity Release 5977.1125.1125 and earlier). They contain an undocumented default account (smc) with a hard-coded password that may be used with certain web servlets. A remote attacker with the knowledge of the hard-coded password and the message format may use vulnerable servlets to gain unauthorized access to the system. Note: This account cannot be used to log in via the web user interface."}, {"lang": "es", "value": "Se ha descubierto una vulnerabilidad de contrase\u00f1a embebida en vApp Manager que est\u00e1 embebido en Dell EMC Unisphere para VMAX, Dell EMC Solutions Enabler, Dell EMC VASA Virtual Appliances y Dell EMC VMAX Embedded Management (eManagement): Dell EMC Unisphere para VMAX Virtual Appliance en versiones anteriores a la 8.4.0.18, Dell EMC Solutions Enabler Virtual Appliance en versiones anteriores a la 8.4.0.21, Dell EMC VASA Virtual Appliance en versiones anteriores a la 8.4.0.514, y Dell EMC VMAX Embedded Management (eManagement) en su versi\u00f3n 1.4 y anteriores (Enginuity Release 5977.1125.1125 y anteriores). Contienen una cuenta por defecto (smc) no documentada con una contrase\u00f1a embebida que se podr\u00eda utilizar con determinados servlets web. Un atacante remoto que conozca la contrase\u00f1a embebida y el formato del mensaje podr\u00eda utilizar los servlets vulnerables para obtener acceso no autorizado al sistema. Nota: esta cuenta no se puede utilizar para iniciar sesi\u00f3n mediante la interfaz de usuario web."}], "id": "CVE-2018-1216", "lastModified": "2018-03-29T14:53:50.263", "metrics": {"cvssMetricV2": [{"acInsufInfo": false, "baseSeverity": "HIGH", "cvssData": {"accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "COMPLETE", "baseScore": 10.0, "confidentialityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "vectorString": "AV:N/AC:L/Au:N/C:C/I:C/A:C", "version": "2.0"}, "exploitabilityScore": 10.0, "impactScore": 10.0, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false}], "cvssMetricV30": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 9.8, "baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.0"}, "exploitabilityScore": 3.9, "impactScore": 5.9, "source": "nvd@nist.gov", "type": "Primary"}]}, "published": "2018-03-08T15:29:00.627", "references": [{"source": "security_alert@emc.com", "tags": ["Mailing List", "Third Party Advisory"], "url": "http://seclists.org/fulldisclosure/2018/Feb/41"}, {"source": "security_alert@emc.com", "tags": ["Third Party Advisory", "VDB Entry"], "url": "http://www.securityfocus.com/bid/103039"}, {"source": "security_alert@emc.com", "tags": ["Third Party Advisory", "VDB Entry"], "url": "http://www.securitytracker.com/id/1040383"}, {"source": "security_alert@emc.com", "tags": ["Third Party Advisory"], "url": "https://www.tenable.com/security/research/tra-2018-03"}], "sourceIdentifier": "security_alert@emc.com", "vulnStatus": "Analyzed", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-798"}], "source": "nvd@nist.gov", "type": "Primary"}]}

{}