Description
The SMI-S service in Dell Storage Manager versions earlier than 16.3.20 (aka 2016 R3.20) is protected using a hard-coded password. A remote user with the knowledge of the password might potentially disable the SMI-S service via HTTP requests, affecting storage management and monitoring functionality via the SMI-S interface. This issue, aka DSM-30415, only affects a Windows installation of the Data Collector (not applicable to the virtual appliance).
References (1)
Core 1
Core References
Release Notes, Vendor Advisory x_refsource_confirm
http://topics-cdn.dell.com/pdf/storage-sc2000_release%20notes24_en-us.pdf
Scores
CVSS v3
9.8
EPSS
0.0071
EPSS Percentile
72.5%
Attack Vector
NETWORK
CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Details
CWE
CWE-798
Status
published
Products (2)
dell/storage_manager
< 16.3.20
n/a/Dell Storage Manager 2016 Dell Storage Manager versions earlier than 16.3.20
Dell Storage Manager 2016 Dell Storage Manager versions earlier than 16.3.20
Published
Dec 06, 2017
Tracked Since
Feb 18, 2026