Multiple vulnerabilities in Dell EMC XtremIO



Risk Medium
Patch available YES
Number of vulnerabilities 2
CVE-ID CVE-2017-3169
CVE-2017-3167
CWE-ID CWE-592
Exploitation vector Network
Public exploit Public exploit code for vulnerability #1 is available.
Vulnerable software
 XtremIO XMS
Other software / Other software solutions

Vendor Dell

Security Bulletin

This security bulletin contains information about 2 vulnerabilities.

1) NULL pointer dereference

EUVDB-ID: #VU7116

Risk: Medium

CVSSv4.0: 7.7 [CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:P/U:Green]

CVE-ID: CVE-2017-3169

CWE-ID: CWE-592 - Authentication Bypass Issues

Exploit availability: Yes

Description

The vulnerability allows a remote attacker to perform denial of service attack.

The vulnerability exists due to a NULL pointer dereference error within mod_ssl module, when third-party modules call ap_hook_process_connection() function during an HTTP request to an HTTPS port. A remote attacker can send a specially crafted HTTP request and crash the affected web server.

Mitigation

Install update from vendor's website.

Vulnerable software versions

XtremIO XMS: before 6.3.1

CPE2.3 External links

https://www.dell.com/support/kbdoc/en-us/000001836/dsa-2020-103-dell-emc-xtremio-security-update-for-httpd-vulnerabilities


Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability. However, proof of concept for this vulnerability is available.

2) Authentication bypass

EUVDB-ID: #VU7115

Risk: Medium

CVSSv4.0: 6.6 [CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N/E:U/U:Green]

CVE-ID: CVE-2017-3167

CWE-ID: CWE-592 - Authentication Bypass Issues

Exploit availability: No

Description

The vulnerability allows a remote attacker to bypass authentication process.

The vulnerability exists due to usage of the ap_get_basic_auth_pw() function by third-party modules outside of the authentication phase. A remote attacker can create a specially crafted HTTP request to vulnerable web server, bypass authentication requirements and gain unauthorized access to otherwise protected information.

Mitigation

Install update from vendor's website.

Vulnerable software versions

XtremIO XMS: before 6.3.1

CPE2.3 External links

https://www.dell.com/support/kbdoc/en-us/000001836/dsa-2020-103-dell-emc-xtremio-security-update-for-httpd-vulnerabilities


Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.



###SIDEBAR###