|CVSS SCORE||10, (AV:N/AC:L/Au:N/C:C/I:C/A:C)|
|TREND MICRO CUSTOMER PROTECTION||Trend Micro TippingPoint IPS customers are protected against this vulnerability by Digital Vaccine protection filter ID 28896. For further product information on the TippingPoint IPS: http://www.tippingpoint.com|
The specific flaw exists within JSON RPC Request handling. By setting the checksession parameter to a specific value, it is possible to bypass authentication to critical functions. An attacker can leverage this in conjunction with other vulnerabilities to execute arbitrary code in the context of SYSTEM.
05/26/17 - ZDI wrote to Dell requesting a disclosure contact for the product
This is now fixed with NetVault v18.104.22.168.