Dell EMC has patched two critical flaws in vApp Manager, the management interface for its VMAX enterprise storage systems, and is urging all customers to implement fixes as soon as possible.
About the VMAX enterprise storage vulnerabilities
The flaws were discovered and reported by Tenable’s director of reverse engineering Carlos Perez.
The graver of the two is CVE-2018-1216, which marks the existence of a hard-coded password vulnerability.
“The vApp Manager contains an undocumented default account (ÒsmcÓ) with a hard-coded password that may be used with certain web servlets. A remote attacker with the knowledge of the hard-coded password and the message format may use vulnerable servlets to gain unauthorized access to the system,” Dell EMC explained.
The company solved the problem by removing this default account for all fresh installations of versions of the products that contain the fixes, but that the account cannot be removed from the user database for upgrade situations.
“However all servlets that use this account have been removed from the application making the account obsolete,” they added.
The second vulnerability (CVE-2018-1215) could be leveraged by remote attackers to upload arbitrary maliciously crafted files in any location on the web server, but they need to authenticate to the targeted system first.
This attack prerequisite can be achieved by chaining the two vulnerabilities, though, as the attacker may use the default account to exploit CVE-2018-1215.
Which products are affected?
The flaws are present in:
- Dell EMC Unisphere for VMAX Virtual Appliance versions prior to 188.8.131.52
- Dell EMC Solutions Enabler Virtual Appliance versions prior to 184.108.40.206
- Dell EMC VASA Virtual Appliance versions prior to 220.127.116.114
- Dell EMC VMAX Embedded Management (eManagement) versions prior to and including 1.4 (Enginuity Release 5977.1125.1125 and earlier).
Some of the updated software (for the VASA Virtual Appliance) is available from the Dell EMC Online Support download page, but customers will have to open a service request with Dell EMC Customer Support to get the other fixes.