cnvd - cnvd-2017-01880

cnvd-2017-01880

Vulnerability from cnvd

Title: EMC RecoverPoint SSL Stripping安全绕过漏洞

Description:

EMC RecoverPoint是一套灾难恢复和数据保护软件,EMC RecoverPoint for Virtual Machines（VMs）是一套面向VMware环境的灾难恢复解决方案。

EMC RecoverPoint SSL Stripping安全绕过漏洞。允许攻击者执行中间人攻击并获取访问到敏感信息的权限，导致进一步攻击。

Severity: 中

Patch Name: EMC RecoverPoint SSL Stripping安全绕过漏洞的补丁

Patch Description:

EMC RecoverPoint是一套灾难恢复和数据保护软件,EMC RecoverPoint for Virtual Machines（VMs）是一套面向VMware环境的灾难恢复解决方案。

EMC RecoverPoint SSL Stripping安全绕过漏洞。允许攻击者执行中间人攻击并获取访问到敏感信息的权限，导致进一步攻击。目前，供应商发布了安全公告及相关补丁信息，修复了此漏洞。

Formal description:

厂商已发布了漏洞修复程序，请及时关注更新： https://store.emc.com/en-us/Solve-For/STORAGE-PRODUCTS/Dell-EMC-RecoverPoint/p/EMC-RecoverPoint?productCode=&fromPage=PVP

Reference: http://www.securityfocus.com/bid/96156

Impacted products

Name
['DELL EMC RecoverPoint for Virtual Machines 4.3.1.4', 'DELL EMC RecoverPoint for Virtual Machines 4.0', 'DELL EMC RecoverPoint 4.4.1.1', 'DELL EMC RecoverPoint 4.4.1.0']

Show details on source website

JSON

To clipboard

{
  "bids": {
    "bid": {
      "bidNumber": "96156"
    }
  },
  "cves": {
    "cve": {
      "cveNumber": "CVE-2016-6650",
      "cveUrl": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-6650"
    }
  },
  "description": "EMC RecoverPoint\u662f\u4e00\u5957\u707e\u96be\u6062\u590d\u548c\u6570\u636e\u4fdd\u62a4\u8f6f\u4ef6,EMC RecoverPoint for Virtual Machines\uff08VMs\uff09\u662f\u4e00\u5957\u9762\u5411VMware\u73af\u5883\u7684\u707e\u96be\u6062\u590d\u89e3\u51b3\u65b9\u6848\u3002\r\n\r\nEMC RecoverPoint SSL Stripping\u5b89\u5168\u7ed5\u8fc7\u6f0f\u6d1e\u3002\u5141\u8bb8\u653b\u51fb\u8005\u6267\u884c\u4e2d\u95f4\u4eba\u653b\u51fb\u5e76\u83b7\u53d6\u8bbf\u95ee\u5230\u654f\u611f\u4fe1\u606f\u7684\u6743\u9650\uff0c\u5bfc\u81f4\u8fdb\u4e00\u6b65\u653b\u51fb\u3002",
  "discovererName": "Mike Erman, Jack Baker and Joshua Burbrink from Northrop Grumman",
  "formalWay": "\u5382\u5546\u5df2\u53d1\u5e03\u4e86\u6f0f\u6d1e\u4fee\u590d\u7a0b\u5e8f\uff0c\u8bf7\u53ca\u65f6\u5173\u6ce8\u66f4\u65b0\uff1a\r\nhttps://store.emc.com/en-us/Solve-For/STORAGE-PRODUCTS/Dell-EMC-RecoverPoint/p/EMC-RecoverPoint?productCode=\u0026fromPage=PVP",
  "isEvent": "\u901a\u7528\u8f6f\u786c\u4ef6\u6f0f\u6d1e",
  "number": "CNVD-2017-01880",
  "openTime": "2017-02-24",
  "patchDescription": "EMC RecoverPoint\u662f\u4e00\u5957\u707e\u96be\u6062\u590d\u548c\u6570\u636e\u4fdd\u62a4\u8f6f\u4ef6,EMC RecoverPoint for Virtual Machines\uff08VMs\uff09\u662f\u4e00\u5957\u9762\u5411VMware\u73af\u5883\u7684\u707e\u96be\u6062\u590d\u89e3\u51b3\u65b9\u6848\u3002\r\n\r\nEMC RecoverPoint SSL Stripping\u5b89\u5168\u7ed5\u8fc7\u6f0f\u6d1e\u3002\u5141\u8bb8\u653b\u51fb\u8005\u6267\u884c\u4e2d\u95f4\u4eba\u653b\u51fb\u5e76\u83b7\u53d6\u8bbf\u95ee\u5230\u654f\u611f\u4fe1\u606f\u7684\u6743\u9650\uff0c\u5bfc\u81f4\u8fdb\u4e00\u6b65\u653b\u51fb\u3002\u76ee\u524d\uff0c\u4f9b\u5e94\u5546\u53d1\u5e03\u4e86\u5b89\u5168\u516c\u544a\u53ca\u76f8\u5173\u8865\u4e01\u4fe1\u606f\uff0c\u4fee\u590d\u4e86\u6b64\u6f0f\u6d1e\u3002",
  "patchName": "EMC RecoverPoint SSL Stripping\u5b89\u5168\u7ed5\u8fc7\u6f0f\u6d1e\u7684\u8865\u4e01",
  "products": {
    "product": [
      "DELL EMC RecoverPoint for Virtual Machines 4.3.1.4",
      "DELL EMC RecoverPoint for Virtual Machines  4.0",
      "DELL EMC RecoverPoint 4.4.1.1",
      "DELL EMC RecoverPoint  4.4.1.0"
    ]
  },
  "referenceLink": "http://www.securityfocus.com/bid/96156",
  "serverity": "\u4e2d",
  "submitTime": "2017-02-17",
  "title": "EMC RecoverPoint SSL Stripping\u5b89\u5168\u7ed5\u8fc7\u6f0f\u6d1e"
}

CVE-2016-6650 (GCVE-0-2016-6650)

Vulnerability from cvelistv5

Published

2017-03-21 16:00

Modified

2024-08-06 01:36

Severity ?

CWE

SSL Stripping Vulnerability

Summary

EMC RecoverPoint versions prior to 5.0 and EMC RecoverPoint for Virtual Machines versions prior to 5.0 have an SSL Stripping Vulnerability that may potentially be exploited by malicious users to compromise the affected system.

References

▼	URL	Tags
	http://www.securitytracker.com/id/1038066	vdb-entry, x_refsource_SECTRACK
	http://www.securityfocus.com/archive/1/540303/30/0/threaded	x_refsource_CONFIRM
	http://www.securityfocus.com/bid/96156	vdb-entry, x_refsource_BID

Impacted products

	Vendor	Product	Version
	n/a	EMC RecoverPoint versions prior to 5.0 and EMC RecoverPoint for Virtual Machines versions prior to 5.0	Version: EMC RecoverPoint versions prior to 5.0 and EMC RecoverPoint for Virtual Machines versions prior to 5.0

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-06T01:36:29.477Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "name": "1038066",
            "tags": [
              "vdb-entry",
              "x_refsource_SECTRACK",
              "x_transferred"
            ],
            "url": "http://www.securitytracker.com/id/1038066"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "http://www.securityfocus.com/archive/1/540303/30/0/threaded"
          },
          {
            "name": "96156",
            "tags": [
              "vdb-entry",
              "x_refsource_BID",
              "x_transferred"
            ],
            "url": "http://www.securityfocus.com/bid/96156"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "EMC RecoverPoint versions prior to 5.0 and EMC RecoverPoint for Virtual Machines versions prior to 5.0",
          "vendor": "n/a",
          "versions": [
            {
              "status": "affected",
              "version": "EMC RecoverPoint versions prior to 5.0 and EMC RecoverPoint for Virtual Machines versions prior to 5.0"
            }
          ]
        }
      ],
      "datePublic": "2017-03-21T00:00:00",
      "descriptions": [
        {
          "lang": "en",
          "value": "EMC RecoverPoint versions prior to 5.0 and EMC RecoverPoint for Virtual Machines versions prior to 5.0 have an SSL Stripping Vulnerability that may potentially be exploited by malicious users to compromise the affected system."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "SSL Stripping Vulnerability",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2017-07-11T09:57:01",
        "orgId": "c550e75a-17ff-4988-97f0-544cde3820fe",
        "shortName": "dell"
      },
      "references": [
        {
          "name": "1038066",
          "tags": [
            "vdb-entry",
            "x_refsource_SECTRACK"
          ],
          "url": "http://www.securitytracker.com/id/1038066"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "http://www.securityfocus.com/archive/1/540303/30/0/threaded"
        },
        {
          "name": "96156",
          "tags": [
            "vdb-entry",
            "x_refsource_BID"
          ],
          "url": "http://www.securityfocus.com/bid/96156"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "security_alert@emc.com",
          "ID": "CVE-2016-6650",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "EMC RecoverPoint versions prior to 5.0 and EMC RecoverPoint for Virtual Machines versions prior to 5.0",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "EMC RecoverPoint versions prior to 5.0 and EMC RecoverPoint for Virtual Machines versions prior to 5.0"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "n/a"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "EMC RecoverPoint versions prior to 5.0 and EMC RecoverPoint for Virtual Machines versions prior to 5.0 have an SSL Stripping Vulnerability that may potentially be exploited by malicious users to compromise the affected system."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "SSL Stripping Vulnerability"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "1038066",
              "refsource": "SECTRACK",
              "url": "http://www.securitytracker.com/id/1038066"
            },
            {
              "name": "http://www.securityfocus.com/archive/1/540303/30/0/threaded",
              "refsource": "CONFIRM",
              "url": "http://www.securityfocus.com/archive/1/540303/30/0/threaded"
            },
            {
              "name": "96156",
              "refsource": "BID",
              "url": "http://www.securityfocus.com/bid/96156"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "c550e75a-17ff-4988-97f0-544cde3820fe",
    "assignerShortName": "dell",
    "cveId": "CVE-2016-6650",
    "datePublished": "2017-03-21T16:00:00",
    "dateReserved": "2016-08-10T00:00:00",
    "dateUpdated": "2024-08-06T01:36:29.477Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

Sightings

Author	Source	Type	Date

Nomenclature

Seen: The vulnerability was mentioned, discussed, or seen somewhere by the user.
Confirmed: The vulnerability is confirmed from an analyst perspective.
Exploited: This vulnerability was exploited and seen by the user reporting the sighting.
Patched: This vulnerability was successfully patched by the user reporting the sighting.
Not exploited: This vulnerability was not exploited or seen by the user reporting the sighting.
Not confirmed: The user expresses doubt about the veracity of the vulnerability.
Not patched: This vulnerability was not successfully patched by the user reporting the sighting.

Action not permitted