CVE-2015-0529 - EMC PowerPath Virtual Appliance (aka vApp) before 2.0 has default passwords for the (1) emcupdate an

CVE-2015-0529

Summary

EMC PowerPath Virtual Appliance (aka vApp) before 2.0 has default passwords for the (1) emcupdate and (2) svcuser accounts, which makes it easier for remote attackers to obtain potentially sensitive information via a login session.

References

http://packetstormsecurity.com/files/131250/EMC-PowerPath-Virtual-Appliance-Undocumented-User-Accounts.html
http://seclists.org/bugtraq/2015/Apr/1

Vulnerable Configurations

cpe:2.3:a:emc:powerpath_virtual_appliance:1.2:*:*:*:*:*:*:*
cpe:2.3:a:emc:powerpath_virtual_appliance:1.2:*:*:*:*:*:*:*

CVSS

Base:	5.0 (as of 23-08-2016 - 18:00)
Impact:
Exploitability:

CWE

CWE-255

CAPEC

Access

Vector	Complexity	Authentication
NETWORK	LOW	NONE

Impact

Confidentiality	Integrity	Availability
PARTIAL	NONE	NONE

cvss-vector via4

AV:N/AC:L/Au:N/C:P/I:N/A:N

refmap via4

bugtraq	20150401 ESA-2015-056: EMC PowerPath Virtual Appliance Undocumented User Accounts Vulnerability
misc	http://packetstormsecurity.com/files/131250/EMC-PowerPath-Virtual-Appliance-Undocumented-User-Accounts.html

Last major update

23-08-2016 - 18:00

Published

05-04-2015 - 01:59

Last modified

23-08-2016 - 18:00