First published: Wed Oct 05 2016(Updated: )
The vApp Managers web application in EMC Unisphere for VMAX Virtual Appliance 8.x before 8.3.0 and Solutions Enabler Virtual Appliance 8.x before 8.3.0 allows remote attackers to execute arbitrary code via crafted input to the (1) GetSymmCmdRequest or (2) RemoteServiceHandler class.
Credit: security_alert@emc.com
Affected Software | Affected Version | How to fix |
---|---|---|
EMC Unisphere | =8.0 | |
EMC Unisphere | =8.1 | |
EMC Unisphere | =8.1.2 | |
EMC Unisphere | =8.2 | |
Dell Solutions Enabler | =8.0 | |
Dell Solutions Enabler | =8.0.3 | |
Dell Solutions Enabler | =8.1 | |
Dell Solutions Enabler | =8.1.2 | |
Dell Solutions Enabler | =8.3 | |
EMC Unisphere | =8.0.3 |
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
CVE-2016-6646 is considered a critical vulnerability as it allows remote attackers to execute arbitrary code.
To fix CVE-2016-6646, update EMC Unisphere for VMAX or Solutions Enabler to version 8.3.0 or later.
CVE-2016-6646 affects EMC Unisphere for VMAX versions 8.0 to 8.2 and Solutions Enabler versions 8.0 to 8.2.
CVE-2016-6646 allows remote code execution, enabling attackers to take control of affected systems.
Check if you are running EMC Unisphere for VMAX or Solutions Enabler versions prior to 8.3.0 to determine vulnerability to CVE-2016-6646.