CVE-2018-1215: Malicious File Upload
First published: Thu Mar 08 2018(Updated: )
An arbitrary file upload vulnerability was discovered in vApp Manager which is embedded in Dell EMC Unisphere for VMAX, Dell EMC Solutions Enabler, Dell EMC VASA Virtual Appliances, and Dell EMC VMAX Embedded Management (eManagement): Dell EMC Unisphere for VMAX Virtual Appliance versions prior to 8.4.0.18, Dell EMC Solutions Enabler Virtual Appliance versions prior to 8.4.0.21, Dell EMC VASA Virtual Appliance versions prior to 8.4.0.514, and Dell EMC VMAX Embedded Management (eManagement) versions prior to and including 1.4 (Enginuity Release 5977.1125.1125 and earlier). A remote authenticated malicious user may potentially upload arbitrary maliciously crafted files in any location on the web server. By chaining this vulnerability with CVE-2018-1216, the attacker may use the default account to exploit this vulnerability.
Credit: security_alert@emc.com
| Affected Software | Affected Version | How to fix |
|---|---|---|
| Dell EMC Solutions Enabler Virtual Appliance | <8.4.0.21 | |
| Dell EMC Unisphere for VMAX Virtual Appliance | <8.4.0.18 | |
| Dell EMC VASA Virtual Appliance | <8.4.0.514 | |
| Dell EMC VMAX Embedded Management | <=1.4 |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
Frequently Asked Questions
What is CVE-2018-1215?
CVE-2018-1215 is an arbitrary file upload vulnerability discovered in vApp Manager, which is embedded in Dell EMC Unisphere for VMAX, Dell EMC Solutions Enabler, Dell EMC VASA Virtual Appliances, and Dell EMC VMAX Embedded Management.
How does CVE-2018-1215 affect Dell EMC Solutions Enabler Virtual Appliance?
Dell EMC Solutions Enabler Virtual Appliance versions prior to 8.4.0.21 are affected by CVE-2018-1215.
How does CVE-2018-1215 affect Dell EMC Unisphere for VMAX Virtual Appliance?
Dell EMC Unisphere for VMAX Virtual Appliance versions prior to 8.4.0.18 are affected by CVE-2018-1215.
How does CVE-2018-1215 affect Dell EMC VASA Virtual Appliance?
Dell EMC VASA Virtual Appliance versions prior to 8.4.0.514 are affected by CVE-2018-1215.
How does CVE-2018-1215 affect Dell EMC VMAX Embedded Management?
Dell EMC VMAX Embedded Management versions up to and including 1.4 are affected by CVE-2018-1215.
What is the severity of CVE-2018-1215?
CVE-2018-1215 has a severity score of 8.8 (Critical).
What is the Common Weakness Enumeration (CWE) of CVE-2018-1215?
CVE-2018-1215 is associated with CWE-434, which is an Unrestricted Upload of File with Dangerous Type vulnerability.
Where can I find more information about CVE-2018-1215?
You can find more information about CVE-2018-1215 at the following references: [1] http://seclists.org/fulldisclosure/2018/Feb/41 [2] http://www.securityfocus.com/bid/103039 [3] http://www.securitytracker.com/id/1040383
- collector/nvd-index
- agent/severity
- agent/author
- agent/weakness
- agent/references
- agent/type
- agent/description
- agent/event
- agent/last-modified-date
- agent/first-publish-date
- agent/softwarecombine
- agent/tags
- collector/mitre-cve
- source/MITRE
- vendor/dell
- canonical/dell emc solutions enabler virtual appliance
- canonical/dell emc unisphere for vmax virtual appliance
- canonical/dell emc vasa virtual appliance
- canonical/dell emc vmax embedded management
- version/dell emc vmax embedded management/1.4