Detections
Analytics
EMC Solutions Enabler Virtual Appliance 8.x < 8.3.0 RCE
critical Nessus Plugin ID 94513
Language:
Synopsis
The remote virtual appliance is affected by a remote command execution vulnerability.Description
The version of EMC Solutions Enabler Virtual Appliance running on the remote host is 8.x prior to 8.3.0. It is, therefore, affected by multiple vulnerabilities :- Multiple flaws exist in the web interface related to the GeneralCmdRequest, PersistantDataRequest, and GetCommandExecRequest classes. An authenticated, remote attacker can exploit these, via a specially crafted request, to execute arbitrary commands with root privileges. (CVE-2016-6645)
- Multiple flaws exist in the web interface related to the GetSymmCmdRequest and RemoteServiceHandler classes. An unauthenticated, remote attacker can exploit these, via a specially crafted request, to execute arbitrary commands with root privileges. (CVE-2016-6646)
Solution
Upgrade to EMC Solutions Enabler Virtual Appliance version 8.3.0 or later.See Also
https://seclists.org/bugtraq/2016/Oct/att-7/ESA-2016-121.txt
Plugin Details
Severity: Critical
ID: 94513
File Name: emc_vapp_manager_solutions_enabler_ESA_2016_121.nasl
Version: 1.7
Type: local
Family: CGI abuses
Published: 11/3/2016
Updated: 11/14/2019
Supported Sensors: Nessus
Risk Information
VPR
Risk Factor: Medium
Score: 5.9
CVSS v2
Risk Factor: Critical
Base Score: 10
Temporal Score: 7.4
Vector: CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C
CVSS v3
Risk Factor: Critical
Base Score: 9.8
Temporal Score: 8.5
Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Temporal Vector: CVSS:3.0/E:U/RL:O/RC:C
Vulnerability Information
CPE: cpe:/a:emc:solutions_enabler
Required KB Items: Host/EMC/Solutions Enabler Virtual Appliance
Exploit Ease: No known exploits are available
Patch Publication Date: 10/4/2016
Vulnerability Publication Date: 10/4/2016
Reference Information
CVE: CVE-2016-6645, CVE-2016-6646
BID: 93343