ID

VAR-201712-0081


CVE

CVE-2017-14374


TITLE

Dell Storage Manager Vulnerabilities related to the use of hard-coded credentials

Trust: 0.8

sources: JVNDB: JVNDB-2017-011310

DESCRIPTION

The SMI-S service in Dell Storage Manager versions earlier than 16.3.20 (aka 2016 R3.20) is protected using a hard-coded password. A remote user with knowledge of the password might potentially disable the SMI-S service via HTTP requests, affecting storage management and monitoring functionality via the SMI-S interface. This issue, aka DSM-30415, only affects a Windows installation of the Data Collector (not applicable to the virtual appliance). Dell Storage Manager is an application from Dell for managing and monitoring multiple Storage Centers and PS series FluidFS. An attacker can exploit this vulnerability by sending HTTP requests to disable the SMI-S service.

Trust: 1.71

sources: NVD: CVE-2017-14374 // JVNDB: JVNDB-2017-011310 // VULHUB: VHN-105090

AFFECTED PRODUCTS

vendor: dell, model: storage manager, scope: lt, version: 16.3.20

Trust: 1.0

vendor: dell, model: storage manager, scope: lt, version: 16.3.20 (alias 2016 r3.20)

Trust: 0.8

sources: JVNDB: JVNDB-2017-011310 // NVD: CVE-2017-14374

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov: CVE-2017-14374
value: CRITICAL

Trust: 1.0

NVD: CVE-2017-14374
value: CRITICAL

Trust: 0.8

CNNVD: CNNVD-201709-1100
value: HIGH

Trust: 0.6

VULHUB: VHN-105090
value: HIGH

Trust: 0.1

nvd@nist.gov: CVE-2017-14374
severity: HIGH
baseScore: 7.5
vectorString: AV:N/AC:L/AU:N/C:P/I:P/A:P
accessVector: NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: PARTIAL
integrityImpact: PARTIAL
availabilityImpact: PARTIAL
exploitabilityScore: 10.0
impactScore: 6.4
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 1.8

VULHUB: VHN-105090
severity: HIGH
baseScore: 7.5
vectorString: AV:N/AC:L/AU:N/C:P/I:P/A:P
accessVector: NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: PARTIAL
integrityImpact: PARTIAL
availabilityImpact: PARTIAL
exploitabilityScore: 10.0
impactScore: 6.4
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.1

nvd@nist.gov: CVE-2017-14374
baseSeverity: CRITICAL
baseScore: 9.8
vectorString: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
attackVector: NETWORK
attackComplexity: LOW
privilegesRequired: NONE
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: HIGH
integrityImpact: HIGH
availabilityImpact: HIGH
exploitabilityScore: 3.9
impactScore: 5.9
version: 3.0

Trust: 1.8

sources: VULHUB: VHN-105090 // JVNDB: JVNDB-2017-011310 // CNNVD: CNNVD-201709-1100 // NVD: CVE-2017-14374

PROBLEMTYPE DATA

problemtype:CWE-798

Trust: 1.9

sources: VULHUB: VHN-105090 // JVNDB: JVNDB-2017-011310 // NVD: CVE-2017-14374

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-201709-1100

TYPE

lack of information

Trust: 0.6

sources: CNNVD: CNNVD-201709-1100

CONFIGURATIONS

sources: JVNDB: JVNDB-2017-011310

PATCH

title: Dell Storage Manager 2016 R3 Release Notes, url: http://topics-cdn.dell.com/pdf/storage-sc2000_release%20notes24_en-us.pdf

Trust: 0.8

sources: JVNDB: JVNDB-2017-011310

EXTERNAL IDS

db: NVD, id: CVE-2017-14374

Trust: 2.5

db: JVNDB, id: JVNDB-2017-011310

Trust: 0.8

db: CNNVD, id: CNNVD-201709-1100

Trust: 0.7

db: VULHUB, id: VHN-105090

Trust: 0.1

sources: VULHUB: VHN-105090 // JVNDB: JVNDB-2017-011310 // CNNVD: CNNVD-201709-1100 // NVD: CVE-2017-14374

REFERENCES

url:http://topics-cdn.dell.com/pdf/storage-sc2000_release%20notes24_en-us.pdf

Trust: 1.7

url:https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2017-14374

Trust: 0.8

url:https://nvd.nist.gov/vuln/detail/cve-2017-14374

Trust: 0.8

sources: VULHUB: VHN-105090 // JVNDB: JVNDB-2017-011310 // CNNVD: CNNVD-201709-1100 // NVD: CVE-2017-14374

SOURCES

db: VULHUB, id: VHN-105090
db: JVNDB, id: JVNDB-2017-011310
db: CNNVD, id: CNNVD-201709-1100
db: NVD, id: CVE-2017-14374

LAST UPDATE DATE

2025-04-20T23:15:50.295000+00:00


SOURCES UPDATE DATE

db: VULHUB, id: VHN-105090, date: 2017-12-27T00:00:00
db: JVNDB, id: JVNDB-2017-011310, date: 2018-01-15T00:00:00
db: CNNVD, id: CNNVD-201709-1100, date: 2017-12-06T00:00:00
db: NVD, id: CVE-2017-14374, date: 2025-04-20T01:37:25.860

SOURCES RELEASE DATE

db: VULHUB, id: VHN-105090, date: 2017-12-06T00:00:00
db: JVNDB, id: JVNDB-2017-011310, date: 2018-01-15T00:00:00
db: CNNVD, id: CNNVD-201709-1100, date: 2017-09-26T00:00:00
db: NVD, id: CVE-2017-14374, date: 2017-12-06T00:29:00.213