#VU7392 Security restrictions bypass in EMC ESRS Policy Manager - CVE-2017-4976
Published: July 10, 2017
Vulnerability identifier: #VU7392
Vulnerability risk: Medium
CVSSv4.0: CVSS:4.0/AV:A/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Green
CVE-ID: CVE-2017-4976
CWE-ID: CWE-264
Exploitation vector: Adjecent network
Exploit availability:
No public exploit available
Vulnerable software:
EMC ESRS Policy Manager
EMC ESRS Policy Manager
Software vendor:
Dell
Dell
Description
The vulnerability allows an adjacent attacker to bypass security restrictions.
The weakness exists due to use of default password by an undocumented account ('OpenDS admin').A remote attacker with the knowledge of the default password may login to the system and gain administrator privileges on the local LDAP directory server.
Successful exploitation of the vulnerability results in full access to the affected system.
The weakness exists due to use of default password by an undocumented account ('OpenDS admin').A remote attacker with the knowledge of the default password may login to the system and gain administrator privileges on the local LDAP directory server.
Successful exploitation of the vulnerability results in full access to the affected system.
Remediation
Update to version 6.8.