CVE-2017-4983 - OpenCVE

EMC Data Domain OS 5.2 through 5.7 before 5.7.3.0 and 6.0 before 6.0.1.0 is affected by a privilege escalation vulnerability that may potentially be exploited by attackers to compromise the affected system.

No CVSS v4.0

No CVSS v3.1

Attack Vector Local

Attack Complexity Low

Privileges Required High

Scope Unchanged

Confidentiality Impact High

Integrity Impact High

Availability Impact High

User Interaction None

Access Vector Local

Access Complexity Low

Authentication None

Confidentiality Impact Partial

Integrity Impact Partial

Availability Impact Partial

AV:L/AC:L/Au:N/C:P/I:P/A:P

This CVE is not in the KEV list.

Key SSVC decision points have not yet been added.

Vendors	Products
Dell	Emc Data Domain Os

Configuration 1 [-]

OR	cpe:2.3:o:dell:emc_data_domain_os:5.2:::::::*
	cpe:2.3:o:dell:emc_data_domain_os:5.4:::::::*
	cpe:2.3:o:dell:emc_data_domain_os:5.5:::::::*
	cpe:2.3:o:dell:emc_data_domain_os:5.6:::::::*
	cpe:2.3:o:dell:emc_data_domain_os:5.7:::::::*
	cpe:2.3:o:dell:emc_data_domain_os:6.0:::::::*

No data.

References

Link	Providers
http://www.securityfocus.com/archive/1/540517/30/0/threaded
http://www.securityfocus.com/bid/98047
http://www.securitytracker.com/id/1038404

History

No history.

MITRE

Status: PUBLISHED

Assigner: dell

Published: 2017-05-04T14:00:00

Updated: 2024-08-05T14:47:43.625Z

Reserved: 2016-12-29T00:00:00

Link: CVE-2017-4983

Vulnrichment

No data.

NVD

Status : Modified

Published: 2017-05-04T14:29:00.153

Modified: 2020-12-07T17:25:28.360

Link: CVE-2017-4983

Redhat

No data.

{"containers": {"cna": {"affected": [{"product": "EMC Data Domain OS 5.2 through 5.7 before 5.7.3.0 and 6.0 before 6.0.1.0", "vendor": "n/a", "versions": [{"status": "affected", "version": "EMC Data Domain OS 5.2 through 5.7 before 5.7.3.0 and 6.0 before 6.0.1.0"}]}], "datePublic": "2017-05-04T00:00:00", "descriptions": [{"lang": "en", "value": "EMC Data Domain OS 5.2 through 5.7 before 5.7.3.0 and 6.0 before 6.0.1.0 is affected by a privilege escalation vulnerability that may potentially be exploited by attackers to compromise the affected system."}], "problemTypes": [{"descriptions": [{"description": "Privilege Escalation Vulnerability", "lang": "en", "type": "text"}]}], "providerMetadata": {"dateUpdated": "2017-07-07T09:57:01", "orgId": "c550e75a-17ff-4988-97f0-544cde3820fe", "shortName": "dell"}, "references": [{"name": "98047", "tags": ["vdb-entry", "x_refsource_BID"], "url": "http://www.securityfocus.com/bid/98047"}, {"tags": ["x_refsource_CONFIRM"], "url": "http://www.securityfocus.com/archive/1/540517/30/0/threaded"}, {"name": "1038404", "tags": ["vdb-entry", "x_refsource_SECTRACK"], "url": "http://www.securitytracker.com/id/1038404"}], "x_legacyV4Record": {"CVE_data_meta": {"ASSIGNER": "security_alert@emc.com", "ID": "CVE-2017-4983", "STATE": "PUBLIC"}, "affects": {"vendor": {"vendor_data": [{"product": {"product_data": [{"product_name": "EMC Data Domain OS 5.2 through 5.7 before 5.7.3.0 and 6.0 before 6.0.1.0", "version": {"version_data": [{"version_value": "EMC Data Domain OS 5.2 through 5.7 before 5.7.3.0 and 6.0 before 6.0.1.0"}]}}]}, "vendor_name": "n/a"}]}}, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": {"description_data": [{"lang": "eng", "value": "EMC Data Domain OS 5.2 through 5.7 before 5.7.3.0 and 6.0 before 6.0.1.0 is affected by a privilege escalation vulnerability that may potentially be exploited by attackers to compromise the affected system."}]}, "problemtype": {"problemtype_data": [{"description": [{"lang": "eng", "value": "Privilege Escalation Vulnerability"}]}]}, "references": {"reference_data": [{"name": "98047", "refsource": "BID", "url": "http://www.securityfocus.com/bid/98047"}, {"name": "http://www.securityfocus.com/archive/1/540517/30/0/threaded", "refsource": "CONFIRM", "url": "http://www.securityfocus.com/archive/1/540517/30/0/threaded"}, {"name": "1038404", "refsource": "SECTRACK", "url": "http://www.securitytracker.com/id/1038404"}]}}}, "adp": [{"providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-05T14:47:43.625Z"}, "title": "CVE Program Container", "references": [{"name": "98047", "tags": ["vdb-entry", "x_refsource_BID", "x_transferred"], "url": "http://www.securityfocus.com/bid/98047"}, {"tags": ["x_refsource_CONFIRM", "x_transferred"], "url": "http://www.securityfocus.com/archive/1/540517/30/0/threaded"}, {"name": "1038404", "tags": ["vdb-entry", "x_refsource_SECTRACK", "x_transferred"], "url": "http://www.securitytracker.com/id/1038404"}]}]}, "cveMetadata": {"assignerOrgId": "c550e75a-17ff-4988-97f0-544cde3820fe", "assignerShortName": "dell", "cveId": "CVE-2017-4983", "datePublished": "2017-05-04T14:00:00", "dateReserved": "2016-12-29T00:00:00", "dateUpdated": "2024-08-05T14:47:43.625Z", "state": "PUBLISHED"}, "dataType": "CVE_RECORD", "dataVersion": "5.1"}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:o:dell:emc_data_domain_os:5.2:*:*:*:*:*:*:*", "matchCriteriaId": "E2164BB5-BB03-40AC-8516-D6B1F391A14B", "vulnerable": true}, {"criteria": "cpe:2.3:o:dell:emc_data_domain_os:5.4:*:*:*:*:*:*:*", "matchCriteriaId": "4F1B32F0-314B-4461-A25C-B44D05A58A8B", "vulnerable": true}, {"criteria": "cpe:2.3:o:dell:emc_data_domain_os:5.5:*:*:*:*:*:*:*", "matchCriteriaId": "04030715-63F7-4DD1-9513-2E131BD9B13D", "vulnerable": true}, {"criteria": "cpe:2.3:o:dell:emc_data_domain_os:5.6:*:*:*:*:*:*:*", "matchCriteriaId": "846D0C1D-F93E-4685-9DFA-90FCD360F41B", "vulnerable": true}, {"criteria": "cpe:2.3:o:dell:emc_data_domain_os:5.7:*:*:*:*:*:*:*", "matchCriteriaId": "2E70A9F7-A09A-4E69-ABE7-A624CC00D1BB", "vulnerable": true}, {"criteria": "cpe:2.3:o:dell:emc_data_domain_os:6.0:*:*:*:*:*:*:*", "matchCriteriaId": "22581424-17D9-4520-BB2D-BD083DE6B964", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "cveTags": [], "descriptions": [{"lang": "en", "value": "EMC Data Domain OS 5.2 through 5.7 before 5.7.3.0 and 6.0 before 6.0.1.0 is affected by a privilege escalation vulnerability that may potentially be exploited by attackers to compromise the affected system."}, {"lang": "es", "value": "El sistema operativo EMC Data Domain entre las versi\u00f3nes 5.2 y 5.7 y las anteriores a la 5.7.3.0,y entre la versi\u00f3n 6.0 y la 6.0.1.0, se ve afectado por una vulnerabilidad de escalamiento de privilegios que puede ser explotada por los atacantes para comprometer el sistema afectado."}], "id": "CVE-2017-4983", "lastModified": "2020-12-07T17:25:28.360", "metrics": {"cvssMetricV2": [{"acInsufInfo": false, "baseSeverity": "MEDIUM", "cvssData": {"accessComplexity": "LOW", "accessVector": "LOCAL", "authentication": "NONE", "availabilityImpact": "PARTIAL", "baseScore": 4.6, "confidentialityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "vectorString": "AV:L/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0"}, "exploitabilityScore": 3.9, "impactScore": 6.4, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false}], "cvssMetricV30": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "baseScore": 6.7, "baseSeverity": "MEDIUM", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "HIGH", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.0/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H", "version": "3.0"}, "exploitabilityScore": 0.8, "impactScore": 5.9, "source": "nvd@nist.gov", "type": "Primary"}]}, "published": "2017-05-04T14:29:00.153", "references": [{"source": "security_alert@emc.com", "tags": ["Third Party Advisory", "VDB Entry"], "url": "http://www.securityfocus.com/archive/1/540517/30/0/threaded"}, {"source": "security_alert@emc.com", "tags": ["Third Party Advisory", "VDB Entry"], "url": "http://www.securityfocus.com/bid/98047"}, {"source": "security_alert@emc.com", "url": "http://www.securitytracker.com/id/1038404"}], "sourceIdentifier": "security_alert@emc.com", "vulnStatus": "Modified", "weaknesses": [{"description": [{"lang": "en", "value": "NVD-CWE-noinfo"}], "source": "nvd@nist.gov", "type": "Primary"}]}