Main Vulnerability Database Vulnerabilities #VU758

#VU758 Arbitrary code execution in Solutions Enabler Virtual Appliance and VMAX Virtual Appliance Manager - CVE-2016-6646

Published: October 4, 2016 / Updated: October 5, 2016

Vulnerability identifier: #VU758

Vulnerability risk: High

CVSSv4.0: CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Amber

CVE-ID: CVE-2016-6646

CWE-ID: CWE-20

Exploitation vector: Remote access

Exploit availability: No public exploit available

Vulnerable software:
Solutions Enabler Virtual Appliance
VMAX Virtual Appliance Manager

Software vendor:
Dell

Description

The vulnerability allows a remote user to cause arbitrary code execution on the target system.
The weakness is caused by insufficient input validation. By uploading specially crafted data to the GetSymmCmdRequest or RemoteServiceHandler class atackers can execute arbitary code.
Successful exploitation of the vulnerability results in arbitrary code execution on the vulnerable system.

Remediation

Update to version 8.3.0.

External links

http://seclists.org/bugtraq/2016/Oct/7