VIR Vulnerability Intelligence Relay

CVE-2017-8011

critical
Published 2017-07-17 · Modified 2026-05-13
CVSS v3
9.8
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
VIR risk
9.8

Description

EMC ViPR SRM, EMC Storage M&R, EMC VNX M&R, EMC M&R for SAS Solution Packs (EMC ViPR SRM prior to 4.1, EMC Storage M&R prior to 4.1, EMC VNX M&R all versions, EMC M&R (Watch4Net) for SAS Solution Packs all versions) contain undocumented accounts with default passwords for Webservice Gateway and RMI JMX components. A remote attacker with the knowledge of the default password may potentially use these accounts to run arbitrary web service and remote procedure calls on the affected system.

Predictions

Exploit likelihood
97%
Patch ETA

Heuristic predictions, AS-IS, for prioritization only.

Mitigations

No vendor mitigations ingested yet for this CVE. The mitigation-content worker queues fetches as references arrive — check back in a few minutes, or see the references list below.

Application impact
VendorProductVersionsFixed
dell dellemc_m\&r-
dell dellemc_storage_monitoring_and_reporting4.0.2
dell dellemc_vipr_srm{"endIncluding":"4.0.2"}
dell dellemc_vnx_monitoring_and_reporting-

References

CWEs

CWE-798

💬 Discuss CVE-2017-8011 on VIR Community →

Community-verified mitigations for this CVE will appear above when contributors publish them.

Verify integrity in audit chain (admin only). AS-IS.