CVE-2019-18588 : Security Advisory and Response

Learn about CVE-2019-18588, a critical Cross-Site Scripting (XSS) vulnerability in Dell EMC Unisphere for PowerMax and PowerMax OS, allowing authenticated users to inject malicious code. Find out the impact, affected systems, and mitigation steps.

Dell EMC Unisphere for PowerMax and PowerMax OS contain a critical Cross-Site Scripting (XSS) vulnerability that could be exploited by authenticated users to inject malicious code.

Understanding CVE-2019-18588

Dell EMC Unisphere for PowerMax versions older than 9.1.0.9 and versions prior to 9.0.2.16, as well as Dell EMC PowerMax OS 5978.221.221 and 5978.479.479, are affected by a Cross-Site Scripting (XSS) vulnerability.

What is CVE-2019-18588?

This CVE identifies a critical Cross-Site Scripting (XSS) vulnerability in Dell EMC Unisphere for PowerMax and PowerMax OS, allowing authenticated users to inject malicious code.

The Impact of CVE-2019-18588

If exploited, an authenticated user with malicious intent could inject JavaScript code, potentially impacting the sessions of other authenticated users. The vulnerability has a CVSS base score of 9.0, indicating a critical severity level.

Technical Details of CVE-2019-18588

Vulnerability Description

The vulnerability is related to Cross-Site Scripting (XSS), enabling attackers to inject malicious scripts into web pages viewed by other users.

Affected Systems and Versions

        Dell EMC Unisphere for PowerMax versions older than 9.1.0.9 and versions prior to 9.0.2.16
        Dell EMC PowerMax OS 5978.221.221 and 5978.479.479

Exploitation Mechanism

        Attack Complexity: Low
        Attack Vector: Network
        Privileges Required: Low
        User Interaction: Required
        Scope: Changed
        Confidentiality, Integrity, and Availability Impact: High

Mitigation and Prevention

Immediate Steps to Take

        Update Dell EMC Unisphere for PowerMax to version 9.1.0.9 or higher
        Apply patches for Dell EMC PowerMax OS 5978.221.221 and 5978.479.479

Long-Term Security Practices

        Regularly monitor and audit web applications for vulnerabilities
        Educate users on safe browsing practices to prevent XSS attacks

Patching and Updates

        Stay informed about security updates from Dell EMC
        Implement a robust patch management process to promptly apply security fixes
