CVE-2017-4984 - OpenCVE

In EMC VNX2 versions prior to OE for File 8.1.9.211 and VNX1 versions prior to OE for File 7.1.80.8, an unauthenticated remote attacker may be able to elevate their permissions to root through a command injection. This may potentially be exploited by an attacker to run arbitrary code with root-level privileges on the targeted VNX Control Station system, aka remote code execution.

No CVSS v4.0

No CVSS v3.1

Attack Vector Network

Attack Complexity Low

Privileges Required None

Scope Unchanged

Confidentiality Impact High

Integrity Impact High

Availability Impact High

User Interaction None

Access Vector Network

Access Complexity Low

Authentication None

Confidentiality Impact Complete

Integrity Impact Complete

Availability Impact Complete

AV:N/AC:L/Au:N/C:C/I:C/A:C

This CVE is not in the KEV list.

Key SSVC decision points have not yet been added.

Vendors	Products
Emc	Vnx1 Vnx1 Firmware Vnx2 Vnx2 Firmware

Configuration 1 [-]

AND

cpe:2.3:o:emc:vnx2_firmware:-:*:*:*:*:*:*:*

cpe:2.3:h:emc:vnx2:-:*:*:*:*:*:*:*

Configuration 2 [-]

AND

cpe:2.3:o:emc:vnx1_firmware:-:*:*:*:*:*:*:*

cpe:2.3:h:emc:vnx1:-:*:*:*:*:*:*:*

No data.

References

Link	Providers
http://www.securityfocus.com/archive/1/540738/30/0/threaded
http://www.securityfocus.com/bid/99039

History

No history.

MITRE

Status: PUBLISHED

Assigner: dell

Published: 2017-06-19T12:00:00

Updated: 2024-08-05T14:47:44.077Z

Reserved: 2016-12-29T00:00:00

Link: CVE-2017-4984

Vulnrichment

No data.

NVD

Status : Analyzed

Published: 2017-06-19T12:29:00.230

Modified: 2017-06-29T17:24:29.123

Link: CVE-2017-4984

Redhat

No data.

{"containers": {"cna": {"affected": [{"product": "EMC VNX2 versions prior to OE for File 8.1.9.211, EMC VNX1 versions prior to OE for File 7.1.80.8", "vendor": "n/a", "versions": [{"status": "affected", "version": "EMC VNX2 versions prior to OE for File 8.1.9.211, EMC VNX1 versions prior to OE for File 7.1.80.8"}]}], "datePublic": "2017-06-19T00:00:00", "descriptions": [{"lang": "en", "value": "In EMC VNX2 versions prior to OE for File 8.1.9.211 and VNX1 versions prior to OE for File 7.1.80.8, an unauthenticated remote attacker may be able to elevate their permissions to root through a command injection. This may potentially be exploited by an attacker to run arbitrary code with root-level privileges on the targeted VNX Control Station system, aka remote code execution."}], "problemTypes": [{"descriptions": [{"description": "Remote code execution vulnerability", "lang": "en", "type": "text"}]}], "providerMetadata": {"dateUpdated": "2017-06-20T09:57:01", "orgId": "c550e75a-17ff-4988-97f0-544cde3820fe", "shortName": "dell"}, "references": [{"tags": ["x_refsource_CONFIRM"], "url": "http://www.securityfocus.com/archive/1/540738/30/0/threaded"}, {"name": "99039", "tags": ["vdb-entry", "x_refsource_BID"], "url": "http://www.securityfocus.com/bid/99039"}], "x_legacyV4Record": {"CVE_data_meta": {"ASSIGNER": "security_alert@emc.com", "ID": "CVE-2017-4984", "STATE": "PUBLIC"}, "affects": {"vendor": {"vendor_data": [{"product": {"product_data": [{"product_name": "EMC VNX2 versions prior to OE for File 8.1.9.211, EMC VNX1 versions prior to OE for File 7.1.80.8", "version": {"version_data": [{"version_value": "EMC VNX2 versions prior to OE for File 8.1.9.211, EMC VNX1 versions prior to OE for File 7.1.80.8"}]}}]}, "vendor_name": "n/a"}]}}, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": {"description_data": [{"lang": "eng", "value": "In EMC VNX2 versions prior to OE for File 8.1.9.211 and VNX1 versions prior to OE for File 7.1.80.8, an unauthenticated remote attacker may be able to elevate their permissions to root through a command injection. This may potentially be exploited by an attacker to run arbitrary code with root-level privileges on the targeted VNX Control Station system, aka remote code execution."}]}, "problemtype": {"problemtype_data": [{"description": [{"lang": "eng", "value": "Remote code execution vulnerability"}]}]}, "references": {"reference_data": [{"name": "http://www.securityfocus.com/archive/1/540738/30/0/threaded", "refsource": "CONFIRM", "url": "http://www.securityfocus.com/archive/1/540738/30/0/threaded"}, {"name": "99039", "refsource": "BID", "url": "http://www.securityfocus.com/bid/99039"}]}}}, "adp": [{"providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-05T14:47:44.077Z"}, "title": "CVE Program Container", "references": [{"tags": ["x_refsource_CONFIRM", "x_transferred"], "url": "http://www.securityfocus.com/archive/1/540738/30/0/threaded"}, {"name": "99039", "tags": ["vdb-entry", "x_refsource_BID", "x_transferred"], "url": "http://www.securityfocus.com/bid/99039"}]}]}, "cveMetadata": {"assignerOrgId": "c550e75a-17ff-4988-97f0-544cde3820fe", "assignerShortName": "dell", "cveId": "CVE-2017-4984", "datePublished": "2017-06-19T12:00:00", "dateReserved": "2016-12-29T00:00:00", "dateUpdated": "2024-08-05T14:47:44.077Z", "state": "PUBLISHED"}, "dataType": "CVE_RECORD", "dataVersion": "5.1"}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:o:emc:vnx2_firmware:-:*:*:*:*:*:*:*", "matchCriteriaId": "F1DC2941-60A4-4232-AB6C-B5C3F5E0A034", "vulnerable": true}], "negate": false, "operator": "OR"}, {"cpeMatch": [{"criteria": "cpe:2.3:h:emc:vnx2:-:*:*:*:*:*:*:*", "matchCriteriaId": "CA171162-0FF7-43B3-A5D4-9C954E5B37D6", "vulnerable": false}], "negate": false, "operator": "OR"}], "operator": "AND"}, {"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:o:emc:vnx1_firmware:-:*:*:*:*:*:*:*", "matchCriteriaId": "A4EE4E75-2B7D-4826-BFD8-84739A554316", "vulnerable": true}], "negate": false, "operator": "OR"}, {"cpeMatch": [{"criteria": "cpe:2.3:h:emc:vnx1:-:*:*:*:*:*:*:*", "matchCriteriaId": "5C707E8E-AC08-4B58-9AA1-2850A8BC94F8", "vulnerable": false}], "negate": false, "operator": "OR"}], "operator": "AND"}], "cveTags": [], "descriptions": [{"lang": "en", "value": "In EMC VNX2 versions prior to OE for File 8.1.9.211 and VNX1 versions prior to OE for File 7.1.80.8, an unauthenticated remote attacker may be able to elevate their permissions to root through a command injection. This may potentially be exploited by an attacker to run arbitrary code with root-level privileges on the targeted VNX Control Station system, aka remote code execution."}, {"lang": "es", "value": "En EMC VNX2 en versiones anteriores a OE for File 8.1.9.211 y VNX1 en versiones anteriores a OE for File 7.1.80.8, un atacante remoto no autenticado podr\u00eda ser capaz de elevar sus privilegios a root mediante una inyecci\u00f3n de comandos. Esto podr\u00eda ser explotado por un atacante para ejecutar c\u00f3digo arbitrario con privilegios de nivel root en el sistema VNX Control Station objetivo. Esto tambi\u00e9n se conoce como ejecuci\u00f3n remota de c\u00f3digo."}], "id": "CVE-2017-4984", "lastModified": "2017-06-29T17:24:29.123", "metrics": {"cvssMetricV2": [{"acInsufInfo": true, "baseSeverity": "HIGH", "cvssData": {"accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "COMPLETE", "baseScore": 10.0, "confidentialityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "vectorString": "AV:N/AC:L/Au:N/C:C/I:C/A:C", "version": "2.0"}, "exploitabilityScore": 10.0, "impactScore": 10.0, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false}], "cvssMetricV30": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 9.8, "baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.0"}, "exploitabilityScore": 3.9, "impactScore": 5.9, "source": "nvd@nist.gov", "type": "Primary"}]}, "published": "2017-06-19T12:29:00.230", "references": [{"source": "security_alert@emc.com", "tags": ["Third Party Advisory", "VDB Entry"], "url": "http://www.securityfocus.com/archive/1/540738/30/0/threaded"}, {"source": "security_alert@emc.com", "tags": ["Third Party Advisory", "VDB Entry"], "url": "http://www.securityfocus.com/bid/99039"}], "sourceIdentifier": "security_alert@emc.com", "vulnStatus": "Analyzed", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-77"}], "source": "nvd@nist.gov", "type": "Primary"}]}