CVE-2018-11062 — Hard-coded Credentials in EMC Integrated Data Protection Appliance

CWE-798 — Hard-coded Credentials3 documents3 sources

Severity

8.8HIGHNVD

EPSS

0.5%

top 34.90%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Dell EMC Integrated Data Protection Appliance Dell EMC Integrated Data Protection Appliance

Timeline

PublishedNov 2

Latest updateMay 14

Description

Integrated Data Protection Appliance versions 2.0, 2.1, and 2.2 contain undocumented accounts named 'support' and 'admin' that are protected with default passwords. These accounts have limited privileges and can access certain system files only. A malicious user with the knowledge of the default passwords may potentially log in to the system and gain read and write access to certain system files.

CVSS vector

CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:HExploitability: 2.8 | Impact: 5.9

Affected Packages2 packages

▶CVEListV5dell_emc/integrated_data_protection_appliance2.X — 2.3

▶NVDdell/emc_integrated_data_protection_appliance2.0 — 2.2

🔴Vulnerability Details

GHSA

GHSA-gfmq-gfvf-29rv: Integrated Data Protection Appliance versions 2↗2022-05-14

▶

CVEList

Dell EMC Integrated Data Protection Appliance Undocumented Accounts Vulnerability↗2018-11-02

▶