CVE-2018-1215 — HIGH (8.8) — White Hats Nepal

Q: How severe is CVE-2018-1215?

CVE-2018-1215 has been rated HIGH with a CVSS base score of 8.8/10. Review the CVSS metrics above for detailed severity breakdown.

Q: Is there a patch for CVE-2018-1215?

Check the references section above for vendor advisories and patch information. Affected products include: Dell Emc Solutions Enabler Virtual Appliance, Dell Emc Unisphere For Vmax Virtual Appliance, Dell Emc Vasa Virtual Appliance, Dell Emc Vmax Embedded Management.

Vulnerability Description

An arbitrary file upload vulnerability was discovered in vApp Manager which is embedded in Dell EMC Unisphere for VMAX, Dell EMC Solutions Enabler, Dell EMC VASA Virtual Appliances, and Dell EMC VMAX Embedded Management (eManagement): Dell EMC Unisphere for VMAX Virtual Appliance versions prior to 8.4.0.18, Dell EMC Solutions Enabler Virtual Appliance versions prior to 8.4.0.21, Dell EMC VASA Virtual Appliance versions prior to 8.4.0.514, and Dell EMC VMAX Embedded Management (eManagement) versions prior to and including 1.4 (Enginuity Release 5977.1125.1125 and earlier). A remote authenticated malicious user may potentially upload arbitrary maliciously crafted files in any location on the web server. By chaining this vulnerability with CVE-2018-1216, the attacker may use the default account to exploit this vulnerability.

CVSS Score

8.8

HIGH

CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

NONE

Scope

UNCHANGED

Confidentiality

HIGH

Integrity

HIGH

Availability

HIGH

Affected Products

Vendor	Product	Versions
Dell	Emc Solutions Enabler Virtual Appliance	< 8.4.0.21
Dell	Emc Unisphere For Vmax Virtual Appliance	< 8.4.0.18
Dell	Emc Vasa Virtual Appliance	< 8.4.0.514
Dell	Emc Vmax Embedded Management	<= 1.4

Related Weaknesses (CWE)

CWE-434

References

http://seclists.org/fulldisclosure/2018/Feb/41Mailing ListThird Party Advisory
http://www.securityfocus.com/bid/103039Third Party AdvisoryVDB Entry
http://www.securitytracker.com/id/1040383Third Party AdvisoryVDB Entry
https://www.tenable.com/security/research/tra-2018-03Third Party Advisory
http://seclists.org/fulldisclosure/2018/Feb/41Mailing ListThird Party Advisory
http://www.securityfocus.com/bid/103039Third Party AdvisoryVDB Entry
http://www.securitytracker.com/id/1040383Third Party AdvisoryVDB Entry
https://www.tenable.com/security/research/tra-2018-03Third Party Advisory

FAQ

What is CVE-2018-1215?

CVE-2018-1215 is a vulnerability with a CVSS score of 8.8 (HIGH). An arbitrary file upload vulnerability was discovered in vApp Manager which is embedded in Dell EMC Unisphere for VMAX, Dell EMC Solutions Enabler, Dell EMC VASA Virtual Appliances, and Dell EMC VMAX ...

How severe is CVE-2018-1215?

CVE-2018-1215 has been rated HIGH with a CVSS base score of 8.8/10. Review the CVSS metrics above for detailed severity breakdown.

Is there a patch for CVE-2018-1215?

Check the references section above for vendor advisories and patch information. Affected products include: Dell Emc Solutions Enabler Virtual Appliance, Dell Emc Unisphere For Vmax Virtual Appliance, Dell Emc Vasa Virtual Appliance, Dell Emc Vmax Embedded Management.