ESA-2014-028: EMC Cloud Tiering Appliance XML External Entity (XXE) and Information Disclosure Vulnerabilities
EMC Identifier: ESA-2014-028
CVE Identifier: CVE-2014-0644, CVE-2014-0645
Severity Rating: CVSS v2 Base Score: See below for individual scores
Affected products:
EMC Cloud Tiering Appliance (CTA) 10
EMC Cloud Tiering Appliance (CTA) 10 SP1
EMC Cloud Tiering Appliance (CTA) 9.x
EMC File Management Appliance (FMA) 7.x
EMC CTA is vulnerable to XML External Entity (XXE) and information disclosure vulnerabilities that may allow a remote malicious user to compromise the affected system.
EMC CTA versions 10 and 10 SP1 are vulnerable to an XML External Entity (XXE) attack (CVE-2014-0644), which may allow a remote unauthenticated user to access arbitrary files on the affected system with root privileges. Exploit code that exposes the password file has been made available to the public. This vulnerability does not affect CTA 9.x or FMA 7.x.
CVSS 8.5 (AV:N/AC:L/Au:N/C:C/I:N/A:P)
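The advisory does not say which XML parser CTA uses or how the Hot Fix changes it; the generic fix for this vulnerability class is to make the parser refuse DTDs and external entity resolution on untrusted input. The following added example (not EMC's code, and not the content of the Hot Fix) shows that control in Python's standard library: any DOCTYPE is rejected before a single element is built, and an external entity reference is refused as defence in depth. The sample documents, the host name cta.example.invalid and the function names are constructed for the example. Java parsers expose the same control through the `http://apache.org/xml/features/disallow-doctype-decl` feature on `DocumentBuilderFactory`.

```python
import xml.etree.ElementTree as ET
import xml.parsers.expat


class UnsafeXMLError(ValueError):
    """Raised when untrusted XML carries a DTD or an external entity (the carriers for XXE)."""


def parse_untrusted_xml(data: bytes) -> ET.Element:
    """Parse XML from an untrusted source into an ElementTree root.

    Any DOCTYPE is rejected outright: without a DTD there is nowhere to declare
    a SYSTEM/PUBLIC entity, so file:// and http:// lookups and entity-expansion
    bombs ("billion laughs") are unreachable.
    """
    parser = xml.parsers.expat.ParserCreate()

    def on_doctype(name, sysid, pubid, has_internal_subset):
        # Fires before any entity declaration or element is processed.
        raise UnsafeXMLError(f"DOCTYPE {name!r} is not allowed in untrusted XML")

    def on_external_entity(context, base, system_id, public_id):
        # Defence in depth: never resolve an external entity, even if a DTD slipped through.
        raise UnsafeXMLError(f"external entity {system_id!r} refused")

    # Build the tree from expat callbacks so the document is parsed exactly once.
    builder = ET.TreeBuilder()
    parser.StartDoctypeDeclHandler = on_doctype
    parser.ExternalEntityRefHandler = on_external_entity
    parser.StartElementHandler = builder.start
    parser.EndElementHandler = builder.end
    parser.CharacterDataHandler = builder.data
    try:
        parser.Parse(data, True)
    except xml.parsers.expat.ExpatError as exc:
        raise ValueError(f"malformed XML: {exc}") from exc
    return builder.close()


def is_rejected(data: bytes) -> bool:
    """True if the hardened parser refuses the document as unsafe (not merely malformed)."""
    try:
        parse_untrusted_xml(data)
    except UnsafeXMLError:
        return True
    return False


# Constructed sample inputs (not taken from the advisory or the product).
CLEAN_SAMPLE = b"<config><host>cta.example.invalid</host><port>443</port></config>"
XXE_SAMPLE = (
    b'<?xml version="1.0"?>'
    b'<!DOCTYPE r [<!ENTITY ext SYSTEM "file:///etc/passwd">]>'
    b"<r>&ext;</r>"
)
INTERNAL_DTD_SAMPLE = b'<!DOCTYPE r [<!ENTITY a "aaaa">]><r>&a;</r>'

if __name__ == "__main__":
    root = parse_untrusted_xml(CLEAN_SAMPLE)
    print("clean document parsed, host =", root.find("host").text)
    for label, doc in (("XXE", XXE_SAMPLE), ("internal DTD", INTERNAL_DTD_SAMPLE)):
        print(label, "rejected:", is_rejected(doc))
```

Rejecting every DOCTYPE is stricter than disabling only external entities, but it is the setting that needs no per-parser knowledge and also closes entity-expansion denial of service; applications that legitimately need a DTD should validate against a local copy instead of whatever the document names.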
In addition, the default passwords for the built-in accounts (root, super, admin) are stored using a weak DES encryption algorithm (CVE-2014-0645). This issue does not affect passwords that were changed during installation or later use of the product, nor the passwords of newly added accounts. This issue affects all versions of CTA and FMA.
CVSS 6.6 (AV:L/AC:M/Au:S/C:C/I:C/A:C)
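The recommended remedy is to rotate every default password. A practitioner will also want to confirm which accounts are still carrying a weak hash after rotation. The added example below (not EMC's code) audits shadow-style `user:hash:...` lines and flags traditional DES crypt(3) hashes, md5crypt hashes and empty password fields; it assumes the stored hashes use crypt(3) formats, which the advisory does not state, and the sample lines, user names and hash values are constructed.

```python
import re
from typing import List, Tuple

# Traditional crypt(3) DES: exactly 13 characters from [./0-9A-Za-z] with no "$id$" prefix.
_DES_CRYPT = re.compile(r"^[./0-9A-Za-z]{13}$")
# Modular crypt format "$<id>$...": 1 = md5crypt, 2a/2b/2y = bcrypt, 5 = SHA-256, 6 = SHA-512, y = yescrypt.
_MODULAR = re.compile(r"^\$(?P<id>[^$]+)\$")


def classify_hash(field: str) -> str:
    """Classify the password field of one shadow-style record."""
    if field == "":
        return "empty"
    if field.startswith(("!", "*")):
        return "locked"
    if _DES_CRYPT.match(field):
        return "des-crypt"
    m = _MODULAR.match(field)
    if m:
        return f"modular-{m.group('id')}"
    return "unknown"


def audit_shadow(lines: List[str]) -> List[Tuple[str, str]]:
    """Return (user, reason) for every account whose stored credential needs attention."""
    findings = []
    for line in lines:
        if not line.strip() or line.startswith("#"):
            continue
        parts = line.split(":")
        if len(parts) < 2:
            continue
        user, field = parts[0], parts[1]
        kind = classify_hash(field)
        if kind == "des-crypt":
            findings.append((user, "traditional DES crypt hash (8-character limit, fast to brute-force); rotate"))
        elif kind == "modular-1":
            findings.append((user, "md5crypt hash; rotate so a SHA-512 or yescrypt hash is written"))
        elif kind == "empty":
            findings.append((user, "empty password field; set a password or lock the account"))
    return findings


# Constructed sample records; the hash strings are synthetic and not from any real system.
SAMPLE_SHADOW = [
    "# user:hash:lastchange:min:max:warn:inactive:expire:",
    "root:abJnggxhB/yWI:16000:0:99999:7:::",          # DES crypt: weak
    "super:XyZt9hqLm.2kE:16000:0:99999:7:::",         # DES crypt: weak
    "admin:$6$Qz7LmN0p$3f9vLq0XkZpR8wTb:16000:0:99999:7:::",  # SHA-512 crypt: fine
    "backup:!!:16000:0:99999:7:::",                   # locked account
    "guest::16000:0:99999:7:::",                      # no password at all
]

if __name__ == "__main__":
    for user, reason in audit_shadow(SAMPLE_SHADOW):
        print(f"{user}: {reason}")
```

Run the audit against the file once before the password change and once after: the DES entries for root and super should disappear after the change, because a modern crypt(3) writes the new hash in the system's default modular format.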
The following EMC CTA Hot Fixes contain a resolution to the XXE vulnerability:
CTA 10.0 SP1 Hot Fix for ESA-2014-028
CTA 10.0 Hot Fix for ESA-2014-028
EMC strongly recommends that all CTA 10.0 and 10.0 SP1 customers apply the Hot Fixes above at the earliest opportunity.
EMC strongly recommends that all CTA and FMA customers change the default password for all built-in accounts, namely the SSH users "root" and "super" and the GUI "admin" account. See the CTA Getting Started Guide for information on how to change passwords.
Link to remedies:
Customers with CTA 10.0 and CTA 10.0 SP1 can download the hotfix and instructions to apply the hotfix from the following Support Zone links.
10.0 SP1: https://download.emc.com/downloads/DL53069_CTA-10.0-SP1-Hot-Fix-for-ESA-2014-028.zip