CVE-2017-14374
Last modified
CVE-2017-14374 is a vulnerability of currently unknown severity. The SMI-S service in Dell Storage Manager versions earlier than 16.3.20 (aka 2016 R3.20) is protected using a hard-coded password. A remote user with the knowledge of the password might potentially disable the SMI-S service via HTTP requests, affecting storage management and monitoring functionality via the SMI-S interface. EPSS estimates a 1.32% chance of exploitation in the next 30 days.
Description
The SMI-S service in Dell Storage Manager versions earlier than 16.3.20 (aka 2016 R3.20) is protected using a hard-coded password. A remote user with the knowledge of the password might potentially disable the SMI-S service via HTTP requests, affecting storage management and monitoring functionality via the SMI-S interface. This issue, aka DSM-30415, only affects a Windows installation of the Data Collector (not applicable to the virtual appliance).
Metrics
Weakness Enumeration
Affected Software
| Vendor | Product | Versions |
|---|---|---|
| Dell | Storage Manager | < 16.3.20 |
References
- http://topics-cdn.dell.com/pdf/storage-sc2000_release%20notes24_en-us.pdfRelease Notes, Vendor Advisory
- http://topics-cdn.dell.com/pdf/storage-sc2000_release%20notes24_en-us.pdfRelease Notes, Vendor Advisory
Timeline
- Published
- Last Modified
- Status
- Modified
Frequently Asked Questions
What is CVE-2017-14374?
How severe is CVE-2017-14374?
How do I fix CVE-2017-14374?
Are you affected by CVE-2017-14374?
Run a free Strix scan to check your systems for this vulnerability.
Scan your code nowSource: NVD / NIST