U-247: EMC Cloud Tiering Appliance Flaw Lets Remote Users Bypass Authentication and Gain Administrative Access

August 29, 2012 - 6:00am

PROBLEM:

EMC Cloud Tiering Appliance Flaw Lets Remote Users Bypass Authentication and Gain Administrative Access

PLATFORM:

EMC Cloud Tiering Appliance (CTA) 7.4 and prior
EMC Cloud Tiering Appliance Virtual Edition (CTA/VE) 7.4 and prior
EMC Cloud Tiering Appliance (CTA) 9.0 and prior
EMC Cloud Tiering Appliance Virtual Edition (CTA/VE) 9.0 and prior

ABSTRACT:

A vulnerability was reported in EMC Cloud Tiering Appliance.

REFERENCE LINKS:

SecurityTracker Alert ID: 1027448
Bugtraq ID: 55250
EMC.com
CVE-2012-2285

IMPACT ASSESSMENT:

High

DISCUSSION:

EMC Cloud Tiering Appliance (CTA) is prone to a security-bypass vulnerability that may allow attackers to perform actions without proper authorization.

Successful exploitation of this issue allows an attacker to bypass authentication and gain administrative privileges; this may aid in launching further attacks.

IMPACT:

A remote user can gain administrative access on the target system.

SOLUTION:

The vendor has issued a fix:

Cloud Tiering Appliance (CTA) 7.5 and 9.0 with Hotfix ESA-2012-034
CTA 7.3.1 and later with Hotfix ESA-2012-034
