cnvd - cnvd-2018-22244

cnvd-2018-22244

Vulnerability from cnvd

Title: Dell EMC Integrated Data Protection Appliance未记录账户漏洞

Description:

Dell EMC Integrated Data Protection Appliance (IDPA)是一种预先集成的交钥匙解决方案，易于部署和扩展，为各种应用程序生态系统提供全面保护。

Dell EMC Integrated Data Protection Appliance存在未记录账户漏洞，具有默认密码知识的恶意用户可能会潜在地登录系统并获得对某些系统文件的读写访问权限。

Severity: 高

Patch Name: Dell EMC Integrated Data Protection Appliance未记录账户漏洞的补丁

Patch Description:

Dell EMC Integrated Data Protection Appliance (IDPA)是一种预先集成的交钥匙解决方案，易于部署和扩展，为各种应用程序生态系统提供全面保护。

Dell EMC Integrated Data Protection Appliance存在未记录账户漏洞，具有默认密码知识的恶意用户可能会潜在地登录系统并获得对某些系统文件的读写访问权限。目前，供应商发布了安全公告及相关补丁信息，修复了此漏洞。

Formal description:

用户可联系供应商获得补丁信息： https://download.emc.com/downloads/DL89669_Idpa_post_update_2.1.0.599285.tar.gz

Reference: https://seclists.org/fulldisclosure/2018/Oct/53

Impacted products

Name
['Dell EMC Integrated Data Protection Appliance 2.0', 'Dell EMC Integrated Data Protection Appliance 2.1', 'Dell EMC Integrated Data Protection Appliance 2.2']

Show details on source website

JSON

To clipboard

{
  "cves": {
    "cve": {
      "cveNumber": "CVE-2018-11062"
    }
  },
  "description": "Dell EMC Integrated Data Protection Appliance (IDPA)\u662f\u4e00\u79cd\u9884\u5148\u96c6\u6210\u7684\u4ea4\u94a5\u5319\u89e3\u51b3\u65b9\u6848\uff0c\u6613\u4e8e\u90e8\u7f72\u548c\u6269\u5c55\uff0c\u4e3a\u5404\u79cd\u5e94\u7528\u7a0b\u5e8f\u751f\u6001\u7cfb\u7edf\u63d0\u4f9b\u5168\u9762\u4fdd\u62a4\u3002\n\nDell EMC Integrated Data Protection Appliance\u5b58\u5728\u672a\u8bb0\u5f55\u8d26\u6237\u6f0f\u6d1e\uff0c\u5177\u6709\u9ed8\u8ba4\u5bc6\u7801\u77e5\u8bc6\u7684\u6076\u610f\u7528\u6237\u53ef\u80fd\u4f1a\u6f5c\u5728\u5730\u767b\u5f55\u7cfb\u7edf\u5e76\u83b7\u5f97\u5bf9\u67d0\u4e9b\u7cfb\u7edf\u6587\u4ef6\u7684\u8bfb\u5199\u8bbf\u95ee\u6743\u9650\u3002",
  "formalWay": "\u7528\u6237\u53ef\u8054\u7cfb\u4f9b\u5e94\u5546\u83b7\u5f97\u8865\u4e01\u4fe1\u606f\uff1a\r\nhttps://download.emc.com/downloads/DL89669_Idpa_post_update_2.1.0.599285.tar.gz",
  "isEvent": "\u901a\u7528\u8f6f\u786c\u4ef6\u6f0f\u6d1e",
  "number": "CNVD-2018-22244",
  "openTime": "2018-10-31",
  "patchDescription": "Dell EMC Integrated Data Protection Appliance (IDPA)\u662f\u4e00\u79cd\u9884\u5148\u96c6\u6210\u7684\u4ea4\u94a5\u5319\u89e3\u51b3\u65b9\u6848\uff0c\u6613\u4e8e\u90e8\u7f72\u548c\u6269\u5c55\uff0c\u4e3a\u5404\u79cd\u5e94\u7528\u7a0b\u5e8f\u751f\u6001\u7cfb\u7edf\u63d0\u4f9b\u5168\u9762\u4fdd\u62a4\u3002\r\n\r\nDell EMC Integrated Data Protection Appliance\u5b58\u5728\u672a\u8bb0\u5f55\u8d26\u6237\u6f0f\u6d1e\uff0c\u5177\u6709\u9ed8\u8ba4\u5bc6\u7801\u77e5\u8bc6\u7684\u6076\u610f\u7528\u6237\u53ef\u80fd\u4f1a\u6f5c\u5728\u5730\u767b\u5f55\u7cfb\u7edf\u5e76\u83b7\u5f97\u5bf9\u67d0\u4e9b\u7cfb\u7edf\u6587\u4ef6\u7684\u8bfb\u5199\u8bbf\u95ee\u6743\u9650\u3002\u76ee\u524d\uff0c\u4f9b\u5e94\u5546\u53d1\u5e03\u4e86\u5b89\u5168\u516c\u544a\u53ca\u76f8\u5173\u8865\u4e01\u4fe1\u606f\uff0c\u4fee\u590d\u4e86\u6b64\u6f0f\u6d1e\u3002",
  "patchName": "Dell EMC Integrated Data Protection Appliance\u672a\u8bb0\u5f55\u8d26\u6237\u6f0f\u6d1e\u7684\u8865\u4e01",
  "products": {
    "product": [
      "Dell EMC Integrated Data Protection Appliance 2.0",
      "Dell EMC Integrated Data Protection Appliance 2.1",
      "Dell EMC Integrated Data Protection Appliance 2.2"
    ]
  },
  "referenceLink": "https://seclists.org/fulldisclosure/2018/Oct/53",
  "serverity": "\u9ad8",
  "submitTime": "2018-10-31",
  "title": "Dell EMC Integrated Data Protection Appliance\u672a\u8bb0\u5f55\u8d26\u6237\u6f0f\u6d1e"
}

CVE-2018-11062 (GCVE-0-2018-11062)

Vulnerability from cvelistv5

Published

2018-11-02 22:00

Modified

2024-09-16 18:04

Severity ?

CWE

Dell EMC Integrated Data Protection Appliance Undocumented Accounts Vulnerability

Summary

Integrated Data Protection Appliance versions 2.0, 2.1, and 2.2 contain undocumented accounts named 'support' and 'admin' that are protected with default passwords. These accounts have limited privileges and can access certain system files only. A malicious user with the knowledge of the default passwords may potentially log in to the system and gain read and write access to certain system files.

References

▼	URL	Tags
	https://seclists.org/fulldisclosure/2018/Oct/53	mailing-list, x_refsource_FULLDISC
	http://www.securityfocus.com/bid/105764	vdb-entry, x_refsource_BID

Impacted products

	Vendor	Product	Version
	Dell EMC	Integrated Data Protection Appliance	Version: 2.X < 2.3

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-05T07:54:36.804Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "name": "20181029 DSA-2018-136: Dell EMC Integrated Data Protection Appliance Undocumented Accounts Vulnerability",
            "tags": [
              "mailing-list",
              "x_refsource_FULLDISC",
              "x_transferred"
            ],
            "url": "https://seclists.org/fulldisclosure/2018/Oct/53"
          },
          {
            "name": "105764",
            "tags": [
              "vdb-entry",
              "x_refsource_BID",
              "x_transferred"
            ],
            "url": "http://www.securityfocus.com/bid/105764"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "Integrated Data Protection Appliance",
          "vendor": "Dell EMC",
          "versions": [
            {
              "lessThan": "2.3",
              "status": "affected",
              "version": "2.X",
              "versionType": "custom"
            }
          ]
        }
      ],
      "datePublic": "2018-10-29T00:00:00",
      "descriptions": [
        {
          "lang": "en",
          "value": "Integrated Data Protection Appliance versions 2.0, 2.1, and 2.2 contain undocumented accounts named \u0027support\u0027 and \u0027admin\u0027 that are protected with default passwords. These accounts have limited privileges and can access certain system files only. A malicious user with the knowledge of the default passwords may potentially log in to the system and gain read and write access to certain system files."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "Dell EMC Integrated Data Protection Appliance Undocumented Accounts Vulnerability",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2018-11-03T09:57:01",
        "orgId": "c550e75a-17ff-4988-97f0-544cde3820fe",
        "shortName": "dell"
      },
      "references": [
        {
          "name": "20181029 DSA-2018-136: Dell EMC Integrated Data Protection Appliance Undocumented Accounts Vulnerability",
          "tags": [
            "mailing-list",
            "x_refsource_FULLDISC"
          ],
          "url": "https://seclists.org/fulldisclosure/2018/Oct/53"
        },
        {
          "name": "105764",
          "tags": [
            "vdb-entry",
            "x_refsource_BID"
          ],
          "url": "http://www.securityfocus.com/bid/105764"
        }
      ],
      "source": {
        "discovery": "UNKNOWN"
      },
      "title": "Dell EMC Integrated Data Protection Appliance Undocumented Accounts Vulnerability",
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "security_alert@emc.com",
          "DATE_PUBLIC": "2018-10-29T16:00:00.000Z",
          "ID": "CVE-2018-11062",
          "STATE": "PUBLIC",
          "TITLE": "Dell EMC Integrated Data Protection Appliance Undocumented Accounts Vulnerability"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "Integrated Data Protection Appliance",
                      "version": {
                        "version_data": [
                          {
                            "affected": "\u003c",
                            "version_affected": "\u003c",
                            "version_name": "2.X",
                            "version_value": "2.3"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "Dell EMC"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "Integrated Data Protection Appliance versions 2.0, 2.1, and 2.2 contain undocumented accounts named \u0027support\u0027 and \u0027admin\u0027 that are protected with default passwords. These accounts have limited privileges and can access certain system files only. A malicious user with the knowledge of the default passwords may potentially log in to the system and gain read and write access to certain system files."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "Dell EMC Integrated Data Protection Appliance Undocumented Accounts Vulnerability"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "20181029 DSA-2018-136: Dell EMC Integrated Data Protection Appliance Undocumented Accounts Vulnerability",
              "refsource": "FULLDISC",
              "url": "https://seclists.org/fulldisclosure/2018/Oct/53"
            },
            {
              "name": "105764",
              "refsource": "BID",
              "url": "http://www.securityfocus.com/bid/105764"
            }
          ]
        },
        "source": {
          "discovery": "UNKNOWN"
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "c550e75a-17ff-4988-97f0-544cde3820fe",
    "assignerShortName": "dell",
    "cveId": "CVE-2018-11062",
    "datePublished": "2018-11-02T22:00:00Z",
    "dateReserved": "2018-05-14T00:00:00",
    "dateUpdated": "2024-09-16T18:04:27.800Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

Sightings

Author	Source	Type	Date

Nomenclature

Seen: The vulnerability was mentioned, discussed, or seen somewhere by the user.
Confirmed: The vulnerability is confirmed from an analyst perspective.
Exploited: This vulnerability was exploited and seen by the user reporting the sighting.
Patched: This vulnerability was successfully patched by the user reporting the sighting.
Not exploited: This vulnerability was not exploited or seen by the user reporting the sighting.
Not confirmed: The user expresses doubt about the veracity of the vulnerability.
Not patched: This vulnerability was not successfully patched by the user reporting the sighting.

Action not permitted