Dell EMC fixed two critical flaws in its management interfaces for its VMAX enterprise storage systems. One of the vulnerabilities could allow a remote attacker to use a hard-coded password to a default account to gain unauthorized access to systems.
The company issued updates that address the two vulnerabilities, CVE-2018-1215 and CVE-2018-1216, on Tuesday. Dell EMC’s VMAX Virtual Appliance (vApp) Manager is a key component to a wide range of the company’s enterprise storage systems.
“The vApp Manager which is embedded in Dell EMC Unisphere for VMAX, Dell EMC Solutions Enabler, Dell EMC VASA Virtual Appliances, and Dell EMC VMAX Embedded Management (eManagement) contains multiple security vulnerabilities that may potentially be exploited by malicious users to compromise the affected system,” wrote Dell EMC in a security advisory.
