Security News > 2018 > February > Dell EMC plugs critical bugs in VMAX enterprise storage offerings

Dell EMC plugs critical bugs in VMAX enterprise storage offerings
2018-02-16 18:32

Dell EMC has patched two critical flaws in vApp Manager, the management interface for its VMAX enterprise storage systems, and is urging all customers to implement fixes as soon as possible. About the VMAX enterprise storage vulnerabilities The flaws were discovered and reported by Tenable’s director of reverse engineering Carlos Perez. The graver of the two is CVE-2018-1216, which marks the existence of a hard-coded password vulnerability. “The vApp Manager contains an undocumented default account … More →


News URL

http://feedproxy.google.com/~r/HelpNetSecurity/~3/3KPyRjfsmuk/

Related Vulnerability

DATE CVE VULNERABILITY TITLE RISK
2018-03-08 CVE-2018-1216 Use of Hard-coded Credentials vulnerability in Dell products
A hard-coded password vulnerability was discovered in vApp Manager which is embedded in Dell EMC Unisphere for VMAX, Dell EMC Solutions Enabler, Dell EMC VASA Virtual Appliances, and Dell EMC VMAX Embedded Management (eManagement): Dell EMC Unisphere for VMAX Virtual Appliance versions prior to 8.4.0.18, Dell EMC Solutions Enabler Virtual Appliance versions prior to 8.4.0.21, Dell EMC VASA Virtual Appliance versions prior to 8.4.0.514, and Dell EMC VMAX Embedded Management (eManagement) versions prior to and including 1.4 (Enginuity Release 5977.1125.1125 and earlier).
network
low complexity
dell CWE-798
critical
9.8

Related vendor

VENDOR LAST 12M #/PRODUCTS LOW MEDIUM HIGH CRITICAL TOTAL VULNS
Dell 1664 29 430 411 109 979
EMC 64 0 70 47 25 142