CVE-2017-8013
Last modified
CVE-2017-8013 is a vulnerability of currently unknown severity. EMC Data Protection Advisor 6.3.x before patch 67 and 6.4.x before patch 130 contains undocumented accounts with hard-coded passwords and various privileges. Affected accounts are: "Apollo System Test", "emc.dpa.agent.logon" and "emc.dpa.metrics.logon". EPSS estimates a 2.22% chance of exploitation in the next 30 days.
Description
EMC Data Protection Advisor 6.3.x before patch 67 and 6.4.x before patch 130 contains undocumented accounts with hard-coded passwords and various privileges. Affected accounts are: "Apollo System Test", "emc.dpa.agent.logon" and "emc.dpa.metrics.logon". An attacker with knowledge of the password could potentially use these accounts via REST APIs to gain unauthorized access to EMC Data Protection Advisor (including potentially access with administrative privileges).
Metrics
Weakness Enumeration
Affected Software
| Vendor | Product | Versions |
|---|---|---|
| Emc | Data Protection Advisor | 6.3.0 |
| Emc | Data Protection Advisor | 6.4.0 |
References
- http://seclists.org/fulldisclosure/2017/Sep/36Mailing List, Third Party Advisory
- http://www.securityfocus.com/bid/100846Third Party Advisory, VDB Entry
- http://www.securitytracker.com/id/1039370Third Party Advisory, VDB Entry
- http://seclists.org/fulldisclosure/2017/Sep/36Mailing List, Third Party Advisory
- http://www.securityfocus.com/bid/100846Third Party Advisory, VDB Entry
- http://www.securitytracker.com/id/1039370Third Party Advisory, VDB Entry
Timeline
- Published
- Last Modified
- Status
- Modified
Frequently Asked Questions
What is CVE-2017-8013?
How severe is CVE-2017-8013?
How do I fix CVE-2017-8013?
Are you affected by CVE-2017-8013?
Run a free Strix scan to check your systems for this vulnerability.
Scan your code nowSource: NVD / NIST