CVE-2016-0912

EMC Data Domain OS 5.4 through 5.7 before 5.7.2.0 allows remote authenticated users to bypass intended password-change restrictions by leveraging access to (1) a different account with the same role as a target account or (2) an account's session at an unattended workstation.
ProviderTypeBase ScoreAtk. VectorAtk. ComplexityPriv. RequiredVector
NISTNIST
9.8 CRITICAL
NETWORK
LOW
NONE
CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
dellCNA
---
---
CVEADP
---
---
Base Score
CVSS 3.x
EPSS Score
Percentile: 37%
VendorProductVersion
dellemc_data_domain_os
𝑥
≤ 5.7.1.0
𝑥
= Vulnerable software versions
Common Weakness Enumeration
References
http://seclists.org/bugtraq/2016/Jun/50
http://www.securitytracker.com/id/1036079
http://seclists.org/bugtraq/2016/Jun/50
http://www.securitytracker.com/id/1036079