CVE-2016-0917

Published Sep 21, 2016

Last updated 7 years ago

Overview

Description: The SMB service in EMC VNXe (VNXe3200 Operating Environment prior to 3.1.5.8711957 and VNXe3100/3150/3300 Operating Environment prior to 2.4.4.22638), VNX1 File OE before 7.1.80.3, VNX2 File OE before 8.1.9.155, and Celerra (all supported versions) does not prevent duplicate NTLM challenge-response nonces, which makes it easier for remote attackers to execute arbitrary code, or read or write to files, via a series of authentication requests, a related issue to CVE-2010-0231.
Source: security_alert@emc.com
NVD status: Modified

Hype score: Not currently trending

Risk scores

CVSS 3.0

Type: Primary
Base score: 9.8
Impact score: 5.9
Exploitability score: 3.9
Vector string: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Severity: CRITICAL

CVSS 2.0

Type: Primary
Base score: 7.5
Impact score: 6.4
Exploitability score: 10
Vector string: AV:N/AC:L/Au:N/C:P/I:P/A:P

Weaknesses

nvd@nist.gov: CWE-264

Configurations

[
  {
    "nodes": [
      {
        "negate": false,
        "cpeMatch": [
          {
            "criteria": "cpe:2.3:a:emc:vnx1_oe_firmware:-:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "A1713070-BE86-4F26-B2C4-2F76B69FB5EB"
          },
          {
            "criteria": "cpe:2.3:a:emc:vnx2_oe_firmware:-:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "C23A356E-3951-4038-B318-2EA84541586F"
          },
          {
            "criteria": "cpe:2.3:a:emc:vnxe_oe_firmware:-:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "7F14A4EF-B9CA-4307-84A4-1ABE0D676A54"
          }
        ],
        "operator": "OR"
      },
      {
        "negate": false,
        "cpeMatch": [
          {
            "criteria": "cpe:2.3:h:emc:vnx5200:-:*:*:*:*:*:*:*",
            "vulnerable": false,
            "matchCriteriaId": "193D7BC7-59A4-4D5C-B8C4-8291149A41AA"
          },
          {
            "criteria": "cpe:2.3:h:emc:vnx5400:-:*:*:*:*:*:*:*",
            "vulnerable": false,
            "matchCriteriaId": "8C9ACF1C-B034-48AE-AFCD-3F3FC3E17D6C"
          },
          {
            "criteria": "cpe:2.3:h:emc:vnx5600:-:*:*:*:*:*:*:*",
            "vulnerable": false,
            "matchCriteriaId": "26F27C34-2BE8-4FA2-8B9D-1FA7F956D689"
          },
          {
            "criteria": "cpe:2.3:h:emc:vnx5800:-:*:*:*:*:*:*:*",
            "vulnerable": false,
            "matchCriteriaId": "5C8713D1-D84F-491C-9A66-DD49824B38D1"
          },
          {
            "criteria": "cpe:2.3:h:emc:vnxe1600:-:*:*:*:*:*:*:*",
            "vulnerable": false,
            "matchCriteriaId": "1EFAE060-538A-4777-9915-90FE19AF5FB2"
          },
          {
            "criteria": "cpe:2.3:h:emc:vnxe3100:-:*:*:*:*:*:*:*",
            "vulnerable": false,
            "matchCriteriaId": "4F4B291C-C856-40E3-A2E7-ABB1C2DAFF13"
          },
          {
            "criteria": "cpe:2.3:h:emc:vnxe3150:-:*:*:*:*:*:*:*",
            "vulnerable": false,
            "matchCriteriaId": "8C83FA52-4B4E-4FBA-90AF-206688699414"
          },
          {
            "criteria": "cpe:2.3:h:emc:vnxe3200:-:*:*:*:*:*:*:*",
            "vulnerable": false,
            "matchCriteriaId": "F2B0CD04-0CDD-48D6-B7BF-38EA19D53FBD"
          },
          {
            "criteria": "cpe:2.3:h:emc:vnxe3200_hybrid:-:*:*:*:*:*:*:*",
            "vulnerable": false,
            "matchCriteriaId": "D50B8512-D7A8-4B3D-B97D-BA3E1D8AC86A"
          },
          {
            "criteria": "cpe:2.3:h:emc:vnxe3300:-:*:*:*:*:*:*:*",
            "vulnerable": false,
            "matchCriteriaId": "F15E510B-C49A-4FDE-B50B-59E26FD7B0E5"
          }
        ],
        "operator": "OR"
      }
    ],
    "operator": "AND"
  }
]

Overview

Social media

Risk scores

CVSS 3.0

CVSS 2.0

Weaknesses

Configurations

References