ID CVE-2014-0645
Summary EMC Cloud Tiering Appliance (CTA) 9.x through 10 SP1 and File Management Appliance (FMA) 7.x store DES password hashes for the root, super, and admin accounts, which makes it easier for context-dependent attackers to obtain sensitive information via a brute-force attack.
References
Vulnerable Configurations
  • cpe:2.3:a:emc:cloud_tiering_appliance_software:9.0:*:*:*:*:*:*:*
  • cpe:2.3:a:emc:cloud_tiering_appliance_software:10.0:-:*:*:*:*:*:*
  • cpe:2.3:a:emc:cloud_tiering_appliance_software:10.0:sp1:*:*:*:*:*:*
  • cpe:2.3:h:emc:cloud_tiering_appliance:-:*:*:*:*:*:*:*
  • cpe:2.3:a:emc:file_management_appliance_software:7.0:*:*:*:*:*:*:*
  • cpe:2.3:h:emc:file_management_appliance:-:*:*:*:*:*:*:*
CVSS
Base: 4.7 (as of 17-04-2014 - 15:10)
Impact:
Exploitability:
CWE CWE-255
CAPEC
Access
  • Vector: LOCAL
  • Complexity: MEDIUM
  • Authentication: NONE
Impact
  • Confidentiality: COMPLETE
  • Integrity: NONE
  • Availability: NONE
cvss-vector via4 AV:L/AC:M/Au:N/C:C/I:N/A:N
refmap via4
bugtraq 20140416 ESA-2014-028: EMC Cloud Tiering Appliance XML External Entity (XXE) and Information Disclosure Vulnerabilities
fulldisc 20140331 EMC CTA v10.0 unauthenticated XXE with root perms
misc https://gist.github.com/brandonprry/9895721
Last major update 17-04-2014 - 15:10
Published 17-04-2014 - 01:55
Last modified 17-04-2014 - 15:10