You are here

V-120: EMC Smarts Network Configuration Manager Java RMI Access Control Flaw Lets Remote Users Gain Full Control

March 27, 2013 - 12:51am

Addthis

PROBLEM:

EMC Smarts Network Configuration Manager Java RMI Access Control Flaw Lets Remote Users Gain Full Control

PLATFORM:

Version(s): prior to 9.2

ABSTRACT:

Two vulnerabilities were reported in EMC Smarts Network Configuration Manager.

REFERENCE LINKS:

SecurityTracker Alert ID:  1028342
www.emc.com
CVE-2013-0935
 

IMPACT ASSESSMENT:

Medium

DISCUSSION:

A remote user can access some Java Remote Method Invocation methods without authenticating to gain control of the target system.

A user can exploit unspecified flaws in the NCM System Management (SysAdmin) Console with unspecified impact.

IMPACT:

A remote user can gain control of the target system.

The impact of the console vulnerability was not specified.

SOLUTION:

The vendor has issued a fix (9.2) for the Java vulnerability.

No solution was available for the NCM System Management (SysAdmin) Console vulnerability at the time of this entry. The vendor recommends disabling the console.

 

Addthis