Lucene search

DellCVE-2016-6646

HistoryOct 05, 2016 - 1:59 a.m.

CVE-2016-6646

2016-10-0501:59:41

CWE-20

dell

web.nvd.nist.gov

emc unisphere

vmax

remote code execution

cve-2016-6646

security vulnerability

CVSS2

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:N/AC:L/Au:N/C:C/I:C/A:C

CVSS3

9.8

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

AI Score

9.6

Confidence

High

EPSS

0.049

Percentile

92.8%

JSON

The vApp Managers web application in EMC Unisphere for VMAX Virtual Appliance 8.x before 8.3.0 and Solutions Enabler Virtual Appliance 8.x before 8.3.0 allows remote attackers to execute arbitrary code via crafted input to the (1) GetSymmCmdRequest or (2) RemoteServiceHandler class.

Affected configurations

Nvd

Node

dellemc_unisphereMatch8.0vmax

dellemc_unisphereMatch8.1vmax

dellemc_unisphereMatch8.1.2vmax

dellemc_unisphereMatch8.2vmax

emcsolutions_enablerMatch8.0

emcsolutions_enablerMatch8.0.3

emcsolutions_enablerMatch8.1

emcsolutions_enablerMatch8.1.2

emcsolutions_enablerMatch8.3

emcunisphereMatch8.0.3vmax

VendorProductVersionCPE
dellemc_unisphere8.0cpe:2.3:a:dell:emc_unisphere:8.0:*:*:*:*:vmax:*:*
dellemc_unisphere8.1cpe:2.3:a:dell:emc_unisphere:8.1:*:*:*:*:vmax:*:*
dellemc_unisphere8.1.2cpe:2.3:a:dell:emc_unisphere:8.1.2:*:*:*:*:vmax:*:*
dellemc_unisphere8.2cpe:2.3:a:dell:emc_unisphere:8.2:*:*:*:*:vmax:*:*
emcsolutions_enabler8.0cpe:2.3:a:emc:solutions_enabler:8.0:*:*:*:*:*:*:*
emcsolutions_enabler8.0.3cpe:2.3:a:emc:solutions_enabler:8.0.3:*:*:*:*:*:*:*
emcsolutions_enabler8.1cpe:2.3:a:emc:solutions_enabler:8.1:*:*:*:*:*:*:*
emcsolutions_enabler8.1.2cpe:2.3:a:emc:solutions_enabler:8.1.2:*:*:*:*:*:*:*
emcsolutions_enabler8.3cpe:2.3:a:emc:solutions_enabler:8.3:*:*:*:*:*:*:*
emcunisphere8.0.3cpe:2.3:a:emc:unisphere:8.0.3:*:*:*:*:vmax:*:*

Vendor	Product	Version	CPE
dell	emc_unisphere	8.0	cpe:2.3:a:dell:emc_unisphere:8.0:::::vmax::
dell	emc_unisphere	8.1	cpe:2.3:a:dell:emc_unisphere:8.1:::::vmax::
dell	emc_unisphere	8.1.2	cpe:2.3:a:dell:emc_unisphere:8.1.2:::::vmax::
dell	emc_unisphere	8.2	cpe:2.3:a:dell:emc_unisphere:8.2:::::vmax::
emc	solutions_enabler	8.0	cpe:2.3:a:emc:solutions_enabler:8.0:::::::*
emc	solutions_enabler	8.0.3	cpe:2.3:a:emc:solutions_enabler:8.0.3:::::::*
emc	solutions_enabler	8.1	cpe:2.3:a:emc:solutions_enabler:8.1:::::::*
emc	solutions_enabler	8.1.2	cpe:2.3:a:emc:solutions_enabler:8.1.2:::::::*
emc	solutions_enabler	8.3	cpe:2.3:a:emc:solutions_enabler:8.3:::::::*
emc	unisphere	8.0.3	cpe:2.3:a:emc:unisphere:8.0.3:::::vmax::

References

seclists.org/bugtraq/2016/Oct/7

www.securityfocus.com/bid/93343

www.securitytracker.com/id/1036941

Social References

CVSS2

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:N/AC:L/Au:N/C:C/I:C/A:C

CVSS3

9.8

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

AI Score

9.6

Confidence

High

EPSS

0.049

Percentile

92.8%

JSON

Related for CVE-2016-6646