The Dell EMC Virtual Appliances before 9.2.2.2 contain undocumented user accounts. A local malicious user may potentially exploit this vulnerability to get privileged access to the virtual appliance.
Weakness
The product performs an operation at a privilege level that is higher than the minimum level required, which creates new weaknesses or amplifies the consequences of other weaknesses.
Affected Software
| Name | Vendor | Start Version | End Version |
|---|---|---|---|
| Solutions_enabler | Dell | * | 9.1.0.18 (excluding) |
| Solutions_enabler | Dell | 9.2.0.0 (including) | 9.2.3.0 (excluding) |
| Solutions_enabler_virtual_appliance | Dell | * | 9.1.0.18 (excluding) |
| Solutions_enabler_virtual_appliance | Dell | 9.2.0.0 (including) | 9.2.3.0 (excluding) |
| Unisphere_360 | Dell | * | 9.1.0.29 (excluding) |
| Unisphere_360 | Dell | 9.2.0.0 (including) | 9.2.3.3 (excluding) |
| Unisphere_for_powermax | Dell | * | 9.1.0.31 (excluding) |
| Unisphere_for_powermax | Dell | 9.2.0.0 (including) | 9.2.3.4 (excluding) |
| Unisphere_for_powermax_virtual_appliance | Dell | * | 9.1.0.31 (excluding) |
| Unisphere_for_powermax_virtual_appliance | Dell | 9.2.0.0 (including) | 9.2.3.4 (excluding) |
| Vasa | Dell | * | 9.1.0.723 (excluding) |
| Vasa | Dell | 9.2.0.0 (including) | 9.2.3.0 (excluding) |
| Powermax_os | Dell | 5978 (including) | 5978 (including) |
Potential Mitigations
Related Attack Patterns
- https://cwe.mitre.org/data/definitions/104.html
- https://cwe.mitre.org/data/definitions/470.html
- https://cwe.mitre.org/data/definitions/69.html