CVE-2017-14375Authentication Bypass by Spoofing in Dell EMC Unisphere

CWE-290Authentication Bypass by Spoofing3 documents3 sources
Severity
9.8CRITICALNVD
EPSS
2.1%
top 16.10%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
4
Dell EMC UnisphereEMC Solutions EnablerEMC Vasa+1 more
Timeline
PublishedNov 1
Latest updateMay 13

Description

EMC Unisphere for VMAX Virtual Appliance (vApp) versions prior to 8.4.0.15, EMC Solutions Enabler Virtual Appliance versions prior to 8.4.0.15, EMC VASA Virtual Appliance versions prior to 8.4.0.512, and EMC VMAX Embedded Management (eManagement) versions prior to and including 1.4 (Enginuity Release 5977.1125.1125 and earlier) contain an authentication bypass vulnerability that may potentially be exploited by malicious users to compromise the affected system.

CVSS vector

CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:HExploitability: 3.9 | Impact: 5.9

Affected Packages4 packages

NVDemc/solutions_enabler< 8.4.0.15
NVDemc/vasa< 8.4.0.512
NVDdell/emc_unisphere< 8.4.0.15

🔴Vulnerability Details

2
GHSA
GHSA-3mf6-cpxv-733m: EMC Unisphere for VMAX Virtual Appliance (vApp) versions prior to 82022-05-13
CVEList
CVE-2017-14375: EMC Unisphere for VMAX Virtual Appliance (vApp) versions prior to 82017-11-01
CVE-2017-14375 — Authentication Bypass by Spoofing | cvebase