CVE-2017-8011 Information

Description

EMC ViPR SRM EMC Storage M&R EMC VNX M&R EMC M&R for SAS Solution Packs (EMC ViPR SRM prior to 4.1 EMC Storage M&R prior to 4.1 EMC VNX M&R all versions EMC M&R (Watch4Net) for SAS Solution Packs all versions) contain undocumented accounts with default passwords for Webservice Gateway and RMI JMX components. A remote attacker with the knowledge of the default password may potentially use these accounts to run arbitrary web service and remote procedure calls on the affected system.

CVSS Vector

CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Reference

http://seclists.org/fulldisclosure/2017/Jul/21 http://www.securityfocus.com/bid/99555 http://www.securitytracker.com/id/1038905

Attack Complexity

LOW

Privileges Required

NONE

User Interaction Required

NONE

Scope

NONE

Confidentiality Impact

UNCHANGED

Integrity Impact

HIGH

Availability Impact

HIGH

Base Score

HIGH

Base Severity

9.8