Multiple vulnerabilities in Dell EMC Integrated Data Protection Appliance

Published: 2019-09-30

Risk	High
Patch available	YES
Number of vulnerabilities	3
CVE-ID	CVE-2019-3747 CVE-2019-3736 CVE-2019-3746
CWE-ID	CWE-79 CWE-310 CWE-307
Exploitation vector	Network
Public exploit	N/A
Vulnerable software	EMC Integrated Data Protection Appliance Server applications / IDS/IPS systems, Firewalls and proxy servers
Vendor	Dell

Security Bulletin

This security bulletin contains information about 3 vulnerabilities.

1) Stored cross-site scripting

EUVDB-ID: #VU21441

Risk: Low

CVSSv4.0: 1.1 [CVSS:4.0/AV:N/AC:L/AT:N/PR:H/UI:P/VC:N/VI:N/VA:N/SC:L/SI:L/SA:N/E:U/U:Clear]

CVE-ID: CVE-2019-3747

CWE-ID: CWE-79 - Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

Exploit availability: No

Description

The disclosed vulnerability allows a remote attacker to perform cross-site scripting (XSS) attacks.

The vulnerability exists due to insufficient sanitization of user-supplied data in the Cloud DR add-on specific field. A remote authenticated ACM administrator can inject and execute arbitrary HTML and script code in user's browser in context of vulnerable website.

Successful exploitation of this vulnerability may allow a remote attacker to steal potentially sensitive information, change appearance of the web page, perform phishing and drive-by-download attacks.

Mitigation

Install updates from vendor's website.

Vulnerable software versions

EMC Integrated Data Protection Appliance: 2.0 - 2.2

CPE2.3

External links

https://www.dell.com/support/security/en-us/details/536363/DSA-2019-112-Dell-EMC-Integrated-Data-Protection-Appliance-Multiple-Vulnerabilities

Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote authenticated privileged user via the Internet.

How the attacker can exploit this vulnerability?

The attacker would have to send a specially crafted request to the affected application in order to exploit this vulnerability.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

2) Cryptographic issues

EUVDB-ID: #VU21443

Risk: Low

CVSSv4.0: 4.6 [CVSS:4.0/AV:N/AC:L/AT:N/PR:H/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2019-3736

CWE-ID: CWE-310 - Cryptographic Issues

Exploit availability: No

Description

The vulnerability allows a remote attacker to bypass certain security restrictions.

The vulnerability exists due to weak cryptography in the ACM component. A remote authenticated attacker with root privileges can use a support tool to decrypt encrypted passwords stored locally on the system and use it to access other components using the privileges of the compromised user.

Mitigation

Install updates from vendor's website.

Vulnerable software versions

EMC Integrated Data Protection Appliance: 2.0 - 2.2

CPE2.3

External links

https://www.dell.com/support/security/en-us/details/536363/DSA-2019-112-Dell-EMC-Integrated-Data-Protection-Appliance-Multiple-Vulnerabilities

Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote authenticated privileged user via the Internet.

How the attacker can exploit this vulnerability?

The attacker would have to send a specially crafted request to the affected application in order to exploit this vulnerability.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

3) Improper Restriction of Excessive Authentication Attempts

EUVDB-ID: #VU21442

Risk: High

CVSSv4.0: 6.3 [CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Amber]

CVE-ID: CVE-2019-3746

CWE-ID: CWE-307 - Improper Restriction of Excessive Authentication Attempts

Exploit availability: No

Description

The vulnerability allows a remote attacker to gain access to the system.

The vulnerability exists due to the affected software does not limit the number of authentication attempts to the ACM API. A remote authenticated attacker can launch a brute-force authentication attack and gain access to the target system.

Mitigation

Install updates from vendor's website.

Vulnerable software versions

EMC Integrated Data Protection Appliance: 2.0 - 2.2

CPE2.3

External links

https://www.dell.com/support/security/en-us/details/536363/DSA-2019-112-Dell-EMC-Integrated-Data-Protection-Appliance-Multiple-Vulnerabilities

Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote authenticated user via the Internet.

How the attacker can exploit this vulnerability?

The attacker would have to send a specially crafted request to the affected application in order to exploit this vulnerability.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.