Dell EMC Integrated Data Protection Appliance Default Password Security Bypass Vulnerability

Dell EMC Integrated Data Protection Appliance is affected by a vulnerability that allows attackers to bypass security restrictions using an undocumented account's default password.
Remote attackers with knowledge of the default credentials may exploit this vulnerability to gain unauthorized access and perform unauthorized actions. This may aid in further attacks.

Dell EMC Integrated Data Protection Appliance 2.0, 2.1 and 2.2 versions are vulnerable.

Information

Bugtraq ID: 105764
Class: Design Error
CVE: CVE-2018-11062

Remote: Yes
Local: No
Published: Oct 31 2018 12:00AM
Updated: Oct 31 2018 12:00AM
Credit: Dell
Vulnerable: Dell EMC Integrated Data Protection Appliance 2.2
Dell EMC Integrated Data Protection Appliance 2.1
Dell EMC Integrated Data Protection Appliance 2.0

Not Vulnerable:

Exploit

References:

• Dell Homepage (Dell)
  
• DSA-2018-136: Dell EMC Integrated Data Protection Appliance Undocumented Accoun (Seclist)
  

Source: www.securityfocus.com