Dell EMC Storage Monitoring and Reporting·´ÐòÁл¯´úÂëÖ´Ðзì϶°²È«¹«¸æ

°ä²¼¹¦·ò 2019-12-02

·ì϶±àºÅºÍ¼¶±ð


CVE±àºÅ£ºCVE-2019-18580£¬Î£ÏÕ¼¶±ð£ºÑϳÁ£¬CVSS·ÖÖµ£º³§ÉÌ×ÔÆÀ£º9.8£¬¹Ù·½Î´ÆÀ¶¨


Ó°Ïì°æ±¾


Dell EMC Storage Monitoring and Reporting 4.3.1°æ±¾


·ì϶¸ÅÊö


Dell EMC Storage Monitoring and ReportingÊÇÃÀ¹ú´÷¶û£¨Dell£©¹«Ë¾µÄÒ»Ì×´æ´¢»úÄܼà¿ØÈí¼þ¡£¸ÃÈí¼þÌṩ´æ´¢»úÄܼà¿ØºÍ»ã±¨ÌìÉúµÈÖ°ÄÜ¡£


Dell EMC Storage Monitoring and Reporting 4.3.1°æ±¾ÖдæÔÚ´úÂëÎÊÌâ·ì϶¡£Ô¶³Ì¹¥»÷Õß¿Éͨ¹ý·¢ËÍÌØÔìµÄRMIÒªÇóÀûÓø÷ì϶ÔÚÖ¸±êÖ÷»úÉÏÖ´ÐÐËÁÒâ´úÂë¡£


Java RMI·þÎñÖдæÔÚÌض¨È±µã£¬¸Ã·þÎñĬÈÏÇé¿öÏÂÕìÌýTCP¶Ë¿Ú52569¡£ ¸ÃÎÊÌâÊÇÓÉÓÚ²»×ã¶ÔÓû§ÌṩµÄÊý¾ÝµÄÕýÈ·ÑéÖ¤¶øµ¼ÖµÄ£¬Õâ¿ÉÄܵ¼Ö²»ÐÅÀµÊý¾ÝµÄ·´ÐòÁл¯¡£


·ì϶ÑéÖ¤


ÔÝÎÞPOC/EXP¡£


½¨¸´½¨Òé


Ä¿Ç°³§ÉÌÒÑ°ä²¼Éý¼¶²¹¶¡ÒÔ½¨¸´·ì϶£¬²¹¶¡»ñÈ¡Á´½Ó£ºhttps://www.dell.com/support/security/zh-cn/details/538977/DSA-2019-176-Dell-EMC-Storage-Monitoring-and-Reporting-SMR-Java-RMI-Deserialization-of-Untruste¡£


²Î¿¼Á´½Ó


https://www.zerodayinitiative.com/advisories/ZDI-19-996/