Numéro d’article: 000153683
High
Summary:
Dell EMC Data Protection Advisor contains remediation for a hard-coded credential vulnerability that may be exploited by malicious users to compromise the affected system.
Hard-Coded Credential Vulnerability
Dell EMC Data Protection Advisor versions 6.4, 6.5, and 18.1 contain a hard-coded credential vulnerability in an undocumented account with limited privileges. A remote unauthenticated malicious user with the knowledge of the hard-coded password, may log in to the system and gain read-only privileges.
7.5 (AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N)
Hard-Coded Credential Vulnerability
Dell EMC Data Protection Advisor versions 6.4, 6.5, and 18.1 contain a hard-coded credential vulnerability in an undocumented account with limited privileges. A remote unauthenticated malicious user with the knowledge of the hard-coded password, may log in to the system and gain read-only privileges.
7.5 (AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N)
Affected products:
Dell EMC Data Protection Advisor versions 6.4, 6.5, and 18.1
Remediation:
The following Dell EMC Data Protection Advisor releases address this vulnerability:
Dell EMC Data Protection Advisor 18.2
Dell EMC Data Protection Advisor 19.1
Dell EMC Data Protection Advisor 19.2
Dell EMC recommends all customers upgrade at the earliest opportunity.
Affected products:
Dell EMC Data Protection Advisor versions 6.4, 6.5, and 18.1
Remediation:
The following Dell EMC Data Protection Advisor releases address this vulnerability:
Dell EMC Data Protection Advisor 18.2
Dell EMC Data Protection Advisor 19.1
Dell EMC Data Protection Advisor 19.2
Dell EMC recommends all customers upgrade at the earliest opportunity.
Dell EMC would like to thank Cyku from DEVCORE (https://devco.re) for reporting this vulnerability.
Data Protection Advisor
Data Protection Advisor, Product Security Information
10 avr. 2021
Dell Security Advisory