Login     Logout     Register     My Account

Forum Navigation
You need to log in to create posts and topics.

EMC Patches critical flaws in VMAX

Dell EMC fixed two critical flaws in its management interfaces for its VMAX enterprise storage systems. One of the vulnerabilities could allow a remote attacker to use a hard-coded password to a default account to gain unauthorized access to systems.

The company issued updates that address the two vulnerabilities, CVE-2018-1215 and CVE-2018-1216, on Tuesday. Dell EMC’s VMAX Virtual Appliance (vApp) Manager is a key component to a wide range of the company’s enterprise storage systems.

“The vApp Manager which is embedded in Dell EMC Unisphere for VMAX, Dell EMC Solutions Enabler, Dell EMC VASA Virtual Appliances, and Dell EMC VMAX Embedded Management (eManagement) contains multiple security vulnerabilities that may potentially be exploited by malicious users to compromise the affected system,” wrote Dell EMC in a security advisory.

The most serious flaw (CVE-2018-1216) in the vApp Manager is tied to an undocumented default account (ÒsmcÓ) which has a hard-coded password that can be used in conjunction with web-based Java servlets. Java servlets are server-side programs which run on the server side, handling specialized requests.

“A remote attacker with the knowledge of the hard-coded password and the message format may use vulnerable servlets to gain unauthorized access to the system,” according to the security bulletin. The vulnerability has a Common Vulnerability Scoring System (CVSS) base score of 9.8.

The other critical vulnerability (CVE-2018-1215) fixed in the vApp Manager application is also rated critical with a CVSS score of 8.8. In the case of this vulnerability, a remote authenticated malicious user could upload arbitrary maliciously crafted files to any location on a targeted web server.

Researchers point out this vulnerability requires a chaining of the previous vulnerability CVE-2018-1216 in order to exploit it.

Credited for finding the bug is Carlos Perez, a researcher with Tenable.

Dell EMC says part of its mitigation efforts have included removing the default ÒsmcÓ account from fresh installs. However, it said the account will not be removed when customers upgrade the vApp Manager application. “However all servlets that use this account have been removed from the application making the account obsolete,” Dell EMC noted.

Affected products include:

Dell EMC Unisphere for VMAX Virtual Appliance versions prior to

Dell EMC Solutions Enabler Virtual Appliance versions prior to

Dell EMC VASA Virtual Appliance versions prior to


Dell EMC VMAX Embedded Management (eManagement) versions prior to and including 1.4 (Enginuity Release 5977.1125.1125 and earlier)

Dell is the best company in the computer and computer parts but sometimes they have some issues, in that case, you can replace it anytime. If you dont get exchange then according to mymathgenius reviews you can get it repaired anytime.

Dell EMC Patches Critical Flaws in VMAX Enterprise Storage Systems. Attacks include a hard-coded password vulnerability that could give attackers ... by  epicfollowers
I am wondering how you gathered these ideas together. The content in their blog is really helpful and entertaining as well. Just loved your content. I will come again for sure. Appreciated for buying TikTok Views UK
#Dell #EMC has fixed six flaws in its management interfaces for #VMAX enterprise storage systems, including three vulnerabilities that are rated critical and ...by followers italy
Dell EMC Patches Critical Flaws in VMAX Enterprise Storage Systems ... Attacks include a hard-coded password vulnerability that could give attackers ...by followers australia

EMC has patched several critical and high severity vulnerabilities affecting the management interface of VMAX enterprise storage products. by [url=http://followersuk.co.uk/]followers uk[/url]

Dell, EMC, and other trademarks are trademarks of Dell Inc. or its subsidiaries. Other trademarks ... System components for VMAX All Flash and VMAX3 storage arrays. ... EMC takes reports of potential vulnerabilities in our products very seriously. ... Response Center at
by followers uk

Great article and tons of tools that can help us with our social media efforts and blog.

I also read some others blogs articles but your articles is mind blowing.In your blogs lots of information who help me in my problems.

I dont know about social media marketing when i read your article i really knowing about all of social media marketing.i hope u will get more rank on your blog.

Thanks for sharing your experience on Social Marketing.

Enterprise Storage Engineer

%d bloggers like this: