CVE-2014-0645
Summary
| CVE | CVE-2014-0645 |
|---|---|
| State | PUBLISHED |
| Assigner | dell |
| Source Priority | CVE Program / NVD first with legacy fallback |
| Published | 2014-04-17 01:55:05 UTC |
| Updated | 2026-05-06 22:30:45 UTC |
| Description | EMC Cloud Tiering Appliance (CTA) 9.x through 10 SP1 and File Management Appliance (FMA) 7.x store DES password hashes for the root, super, and admin accounts, which makes it easier for context-dependent attackers to obtain sensitive information via a brute-force attack. |
Risk And Classification
CVSS v2.0 Breakdown
| Metric | Value |
|---|---|
| Access Vector | Local |
| Access Complexity | Medium |
| Authentication | None |
| Confidentiality | Complete |
| Integrity | None |
| Availability | None |
| Vector | AV:L/AC:M/Au:N/C:C/I:N/A:N |
NVD Known Affected Configurations (CPE 2.3)
| Type | Vendor | Product | Version | Update | Edition | Language |
|---|---|---|---|---|---|---|
| Hardware | Emc | Cloud Tiering Appliance | - | All | All | All |
| Application | Emc | Cloud Tiering Appliance Software | 10.0 | - | All | All |
| Application | Emc | Cloud Tiering Appliance Software | 10.0 | sp1 | All | All |
| Application | Emc | Cloud Tiering Appliance Software | 9.0 | All | All | All |
| Hardware | Emc | File Management Appliance | - | All | All | All |
| Application | Emc | File Management Appliance Software | 7.0 | All | All | All |
Vendor Declared Affected Products
References
| Reference | Source | Link | Tags |
|---|---|---|---|
| EMC CTA unauthed XXE with root perms · GitHub | af854a3a-2127-422b-91ae-364da2661108 | gist.github.com | |
| Full Disclosure: EMC CTA v10.0 unauthenticated XXE with root perms | af854a3a-2127-422b-91ae-364da2661108 | seclists.org | |
| archives.neohapsis.com/archives/bugtraq/2014-04/0094.html | af854a3a-2127-422b-91ae-364da2661108 | archives.neohapsis.com | |
| CVE Program record | CVE.ORG | www.cve.org | canonical |
| NVD vulnerability detail | NVD | nvd.nist.gov | canonical, analysis |
No vendor comments have been submitted for this CVE.
There are currently no legacy QID mappings associated with this CVE.