Vulnerability Key Information Summary

Vulnerability ID:
- DSA-2018-136
- CVE-2018-11062

Vulnerability Description:
Dell EMC Integrated Data Protection Appliance (IDPA) contains undocumented accounts that may be exploited by malicious users to compromise the system.

CVE Score:
CVSSv3 Base Score: 8.6

Affected Products:
- Dell EMC Integrated Data Protection Appliance 2.0
- Dell EMC Integrated Data Protection Appliance 2.1
- Dell EMC Integrated Data Protection Appliance 2.2

Vulnerability Details:
IDPA versions 2.0, 2.1, and 2.2 include undocumented accounts named "support" and "admin", protected by default passwords. These accounts have limited privileges and can access certain system files. Malicious users who know the default passwords may log in to the system and gain read and write access to certain system files.

Remediation:
- Log in to Data Protection Advisor - Datastore Server Virtual Machine, and use an SSH client such as PuTTY to execute commands as the root user to delete the "support" and "admin" accounts.
- Verify that the accounts have been deleted. The output of the following commands should be "no such user":
- Repeat the above process for other related virtual machines based on the affected IDPA version.
- Dell EMC strongly recommends following the security best practices outlined in the iDPA Security Configuration Guide.

Severity Level: High

Reference Links:
- Security Configuration Guide: https://support.emc.com/products/41849Integrated-Data-Protection-Appliance/Documentation
- Patch Download (for registered customers): https://download.dell.com/downloads/DL89669_idpa_post_update_2.1.0.599285.tar.gz

Contact Information:
- Dell EMC Technical Support: https://support.dell.com/servicecenter/contactEMC
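
The verification step under Remediation can also be run as a repeatable audit on each virtual machine. The script below is an added example, not Dell EMC's documented procedure or the commands the advisory refers to. It assumes standard Linux passwd/shadow file formats, and its function names, state labels and sample data are constructed for illustration.

```shell
#!/bin/sh
# Added example, not Dell EMC's procedure. Account names come from the advisory;
# function names, states and sample data are assumptions of this example.
ACCOUNTS="support admin"

# account_state NAME PASSWD_FILE SHADOW_FILE -> prints absent | disabled | active
account_state() {
    name=$1 passwd_file=$2 shadow_file=$3
    # Exact match on field 1 so "supportdesk" is not mistaken for "support".
    # An empty shell field means /bin/sh (passwd(5)).
    shell=$(awk -F: -v n="$name" '$1 == n { print ($7 == "" ? "/bin/sh" : $7); found = 1; exit }
        END { exit !found }' "$passwd_file") || { echo absent; return 0; }
    case $shell in
        */nologin|*/false) echo disabled; return 0 ;;
    esac
    pwfield=$(awk -F: -v n="$name" '$1 == n { print $2; exit }' "$shadow_file")
    case $pwfield in
        '!'*|'*'*) echo disabled ;;   # password locked; key-based login may still work
        *)         echo active ;;     # usable password, or state unknown
    esac
}

# audit_accounts PASSWD_FILE SHADOW_FILE
# Prints "name state" per account. Returns 0 only when every account is absent,
# since the advisory's fix is deletion, not locking.
audit_accounts() {
    rc=0
    for acct in $ACCOUNTS; do
        state=$(account_state "$acct" "$1" "$2")
        echo "$acct $state"
        [ "$state" = absent ] || rc=1
    done
    return $rc
}

# Constructed sample files (not taken from a real appliance).
sample_dir=$(mktemp -d)
cat > "$sample_dir/passwd" <<'EOF'
root:x:0:0:root:/root:/bin/bash
support:x:1001:1001::/home/support:/bin/bash
admin:x:1002:1002::/home/admin:/sbin/nologin
supportdesk:x:1003:1003::/home/supportdesk:/bin/bash
EOF
cat > "$sample_dir/shadow" <<'EOF'
root:$6$constructed$hash:17700:0:99999:7:::
support:$6$constructed$hash:17700:0:99999:7:::
admin:!:17700:0:99999:7:::
EOF
audit_accounts "$sample_dir/passwd" "$sample_dir/shadow" || echo "FINDING: advisory accounts still present"
```

On a live system, run as root with `audit_accounts /etc/passwd /etc/shadow`; a non-zero return on any virtual machine means the deletion step still needs to be performed there.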