PROBLEM:
EMC Cloud Tiering Appliance Flaw Lets Remote Users Bypass Authentication and Gain Administrative Access
PLATFORM:
EMC Cloud Tiering Appliance (CTA) 7.4 and prior
EMC Cloud Tiering Appliance Virtual Edition (CTA/VE) 7.4 and prior
EMC Cloud Tiering Appliance (CTA) 9.0 and prior
EMC Cloud Tiering Appliance Virtual Edition (CTA/VE) 9.0 and prior
ABSTRACT:
A vulnerability was reported in EMC Cloud Tiering Appliance.
REFERENCE LINKS:
SecurityTracker Alert ID: 1027448
Bugtraq ID: 55250
EMC.com
CVE-2012-2285
IMPACT ASSESSMENT:
High
DISCUSSION:
EMC Cloud Tiering Appliance (CTA) is prone to a security-bypass vulnerability that may allow attackers to perform actions without proper authorization.
Successful exploitation of this issue allows an attacker to bypass authentication and gain administrative privileges; this may aid in launching further attacks.
IMPACT:
A remote user can gain administrative access on the target system.
SOLUTION:
Cloud Tiering Appliance (CTA) 7.5 and 9.0 with Hotfix ESA-2012-034
CTA 7.3.1 and later with Hotfix ESA-2012-034