CVE-2017-1710

Published Nov 13, 2017

Last updated 5 years ago

CVSS critical 9.8

Overview

Description: A vulnerability in the Service Assistant GUI in IBM Storwize V7000 (2076) 8.1 could allow a remote attacker to perform a privilege escalation. IBM X-Force ID: 134531.
Source: psirt@us.ibm.com
NVD status: Analyzed

Risk scores

CVSS 3.0

Type: Primary
Base score: 9.8
Impact score: 5.9
Exploitability score: 3.9
Vector string: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Severity: CRITICAL

CVSS 2.0

Type: Primary
Base score: 7.5
Impact score: 6.4
Exploitability score: 10
Vector string: AV:N/AC:L/Au:N/C:P/I:P/A:P

Weaknesses

nvd@nist.gov: NVD-CWE-noinfo

Hype score: Not currently trending

Configurations

[
  {
    "nodes": [
      {
        "negate": false,
        "cpeMatch": [
          {
            "criteria": "cpe:2.3:o:ibm:storwize_v7000_firmware:8.1:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "1B0F9CE9-D622-49F7-8D2C-4C4A7E9E6DBA"
          }
        ],
        "operator": "OR"
      },
      {
        "negate": false,
        "cpeMatch": [
          {
            "criteria": "cpe:2.3:h:ibm:storwize_v7000:-:*:*:*:*:*:*:*",
            "vulnerable": false,
            "matchCriteriaId": "AA2ED020-4C7B-4303-ABE6-74D46D127556"
          }
        ],
        "operator": "OR"
      }
    ],
    "operator": "AND"
  },
  {
    "nodes": [
      {
        "negate": false,
        "cpeMatch": [
          {
            "criteria": "cpe:2.3:o:ibm:storwize_v5000_firmware:8.1:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "834DC12B-18ED-4D1A-869D-727A226FDD58"
          }
        ],
        "operator": "OR"
      },
      {
        "negate": false,
        "cpeMatch": [
          {
            "criteria": "cpe:2.3:h:ibm:storwize_v5000:-:*:*:*:*:*:*:*",
            "vulnerable": false,
            "matchCriteriaId": "F0B69C8D-32A4-449F-9BFC-F1587C7FA8BD"
          }
        ],
        "operator": "OR"
      }
    ],
    "operator": "AND"
  },
  {
    "nodes": [
      {
        "negate": false,
        "cpeMatch": [
          {
            "criteria": "cpe:2.3:o:ibm:flashsystem_v9000_firmware:8.1:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "FEB7116F-7DF8-4FF5-B982-FA08604B3BCB"
          }
        ],
        "operator": "OR"
      },
      {
        "negate": false,
        "cpeMatch": [
          {
            "criteria": "cpe:2.3:h:ibm:flashsystem_v9000:-:*:*:*:*:*:*:*",
            "vulnerable": false,
            "matchCriteriaId": "DB9C13EA-8C4C-42C5-A451-611FF0904AE8"
          }
        ],
        "operator": "OR"
      }
    ],
    "operator": "AND"
  },
  {
    "nodes": [
      {
        "negate": false,
        "cpeMatch": [
          {
            "criteria": "cpe:2.3:o:ibm:san_volume_controller_firmware:8.1:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "A3F6CF13-51C2-4943-9658-F72FADE4B37A"
          }
        ],
        "operator": "OR"
      },
      {
        "negate": false,
        "cpeMatch": [
          {
            "criteria": "cpe:2.3:h:ibm:san_volume_controller:-:*:*:*:*:*:*:*",
            "vulnerable": false,
            "matchCriteriaId": "D5D84487-CEBA-48A0-9B15-A0300D992E3D"
          }
        ],
        "operator": "OR"
      }
    ],
    "operator": "AND"
  }
]

Overview

Risk scores

CVSS 3.0

CVSS 2.0

Weaknesses

Social media

Configurations

References