CVE-2017-4984
Published Jun 19, 2017
Last updated 7 years ago
Overview
- Description
- In EMC VNX2 versions prior to OE for File 8.1.9.211 and VNX1 versions prior to OE for File 7.1.80.8, an unauthenticated remote attacker may be able to elevate their permissions to root through a command injection. This may potentially be exploited by an attacker to run arbitrary code with root-level privileges on the targeted VNX Control Station system, aka remote code execution.
- Source
- security_alert@emc.com
- NVD status
- Analyzed
Social media
- Hype score
- Not currently trending
Risk scores
CVSS 3.0
- Type
- Primary
- Base score
- 9.8
- Impact score
- 5.9
- Exploitability score
- 3.9
- Vector string
- CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
- Severity
- CRITICAL
CVSS 2.0
- Type
- Primary
- Base score
- 10
- Impact score
- 10
- Exploitability score
- 10
- Vector string
- AV:N/AC:L/Au:N/C:C/I:C/A:C
Weaknesses
- nvd@nist.gov
- CWE-77
Configurations
[
{
"nodes": [
{
"negate": false,
"cpeMatch": [
{
"criteria": "cpe:2.3:o:emc:vnx2_firmware:-:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "F1DC2941-60A4-4232-AB6C-B5C3F5E0A034"
}
],
"operator": "OR"
},
{
"negate": false,
"cpeMatch": [
{
"criteria": "cpe:2.3:h:emc:vnx2:-:*:*:*:*:*:*:*",
"vulnerable": false,
"matchCriteriaId": "CA171162-0FF7-43B3-A5D4-9C954E5B37D6"
}
],
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"negate": false,
"cpeMatch": [
{
"criteria": "cpe:2.3:o:emc:vnx1_firmware:-:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "A4EE4E75-2B7D-4826-BFD8-84739A554316"
}
],
"operator": "OR"
},
{
"negate": false,
"cpeMatch": [
{
"criteria": "cpe:2.3:h:emc:vnx1:-:*:*:*:*:*:*:*",
"vulnerable": false,
"matchCriteriaId": "5C707E8E-AC08-4B58-9AA1-2850A8BC94F8"
}
],
"operator": "OR"
}
],
"operator": "AND"
}
]