CVE-2017-8012 - OpenCVE

In EMC ViPR SRM, Storage M&R, VNX M&R, and M&R (Watch4Net) for SAS Solution Packs, the Java Management Extensions (JMX) protocol used to communicate between components in the Alerting and/or Compliance components can be leveraged to create a denial of service (DoS) condition. Attackers with knowledge of JMX agent user credentials could potentially exploit this vulnerability to create arbitrary files on the affected system and create a DoS condition by leveraging inherent JMX protocol capabilities.

No CVSS v4.0

Attack Vector Network

Attack Complexity High

Privileges Required None

Scope Unchanged

Confidentiality Impact None

Integrity Impact High

Availability Impact High

User Interaction None

No CVSS v3.0

Access Vector Network

Access Complexity Medium

Authentication None

Confidentiality Impact None

Integrity Impact Partial

Availability Impact Partial

AV:N/AC:M/Au:N/C:N/I:P/A:P

This CVE is not in the KEV list.

Key SSVC decision points have not yet been added.

Vendors	Products
Dell	Emc M\&r Emc Storage Monitoring And Reporting Emc Vipr Srm Emc Vnx Monitoring And Reporting

Configuration 1 [-]

OR	cpe:2.3:a:dell:emc_m\&r::::::::
	cpe:2.3:a:dell:emc_storage_monitoring_and_reporting::::::::
	cpe:2.3:a:dell:emc_vipr_srm::::::::
	cpe:2.3:a:dell:emc_vnx_monitoring_and_reporting::::::::

No data.

References

Link	Providers
http://seclists.org/fulldisclosure/2017/Sep/51
http://www.securityfocus.com/bid/100982
http://www.securitytracker.com/id/1039417
http://www.securitytracker.com/id/1039418

History

No history.

MITRE

Status: PUBLISHED

Assigner: dell

Published: 2017-09-22T01:00:00

Updated: 2024-08-05T16:19:29.486Z

Reserved: 2017-04-21T00:00:00

Link: CVE-2017-8012

Vulnrichment

No data.

NVD

Status : Analyzed

Published: 2017-09-22T01:29:25.500

Modified: 2021-09-13T12:07:25.187

Link: CVE-2017-8012

Redhat

No data.

{"containers": {"cna": {"affected": [{"product": "EMC ViPR SRM, EMC Storage M&R, EMC VNX M&R, EMC M&R (Watch4Net) for SAS Solution Packs", "vendor": "n/a", "versions": [{"status": "affected", "version": "EMC ViPR SRM, EMC Storage M&R, EMC VNX M&R, EMC M&R (Watch4Net) for SAS Solution Packs"}]}], "datePublic": "2017-09-21T00:00:00", "descriptions": [{"lang": "en", "value": "In EMC ViPR SRM, Storage M&R, VNX M&R, and M&R (Watch4Net) for SAS Solution Packs, the Java Management Extensions (JMX) protocol used to communicate between components in the Alerting and/or Compliance components can be leveraged to create a denial of service (DoS) condition. Attackers with knowledge of JMX agent user credentials could potentially exploit this vulnerability to create arbitrary files on the affected system and create a DoS condition by leveraging inherent JMX protocol capabilities."}], "problemTypes": [{"descriptions": [{"description": "Denial of Service", "lang": "en", "type": "text"}]}], "providerMetadata": {"dateUpdated": "2017-09-26T09:57:01", "orgId": "c550e75a-17ff-4988-97f0-544cde3820fe", "shortName": "dell"}, "references": [{"name": "1039418", "tags": ["vdb-entry", "x_refsource_SECTRACK"], "url": "http://www.securitytracker.com/id/1039418"}, {"name": "100982", "tags": ["vdb-entry", "x_refsource_BID"], "url": "http://www.securityfocus.com/bid/100982"}, {"tags": ["x_refsource_CONFIRM"], "url": "http://seclists.org/fulldisclosure/2017/Sep/51"}, {"name": "1039417", "tags": ["vdb-entry", "x_refsource_SECTRACK"], "url": "http://www.securitytracker.com/id/1039417"}], "x_legacyV4Record": {"CVE_data_meta": {"ASSIGNER": "security_alert@emc.com", "ID": "CVE-2017-8012", "STATE": "PUBLIC"}, "affects": {"vendor": {"vendor_data": [{"product": {"product_data": [{"product_name": "EMC ViPR SRM, EMC Storage M&R, EMC VNX M&R, EMC M&R (Watch4Net) for SAS Solution Packs", "version": {"version_data": [{"version_value": "EMC ViPR SRM, EMC Storage M&R, EMC VNX M&R, EMC M&R (Watch4Net) for SAS Solution Packs"}]}}]}, "vendor_name": "n/a"}]}}, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": {"description_data": [{"lang": "eng", "value": "In EMC ViPR SRM, Storage M&R, VNX M&R, and M&R (Watch4Net) for SAS Solution Packs, the Java Management Extensions (JMX) protocol used to communicate between components in the Alerting and/or Compliance components can be leveraged to create a denial of service (DoS) condition. Attackers with knowledge of JMX agent user credentials could potentially exploit this vulnerability to create arbitrary files on the affected system and create a DoS condition by leveraging inherent JMX protocol capabilities."}]}, "problemtype": {"problemtype_data": [{"description": [{"lang": "eng", "value": "Denial of Service"}]}]}, "references": {"reference_data": [{"name": "1039418", "refsource": "SECTRACK", "url": "http://www.securitytracker.com/id/1039418"}, {"name": "100982", "refsource": "BID", "url": "http://www.securityfocus.com/bid/100982"}, {"name": "http://seclists.org/fulldisclosure/2017/Sep/51", "refsource": "CONFIRM", "url": "http://seclists.org/fulldisclosure/2017/Sep/51"}, {"name": "1039417", "refsource": "SECTRACK", "url": "http://www.securitytracker.com/id/1039417"}]}}}, "adp": [{"providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-05T16:19:29.486Z"}, "title": "CVE Program Container", "references": [{"name": "1039418", "tags": ["vdb-entry", "x_refsource_SECTRACK", "x_transferred"], "url": "http://www.securitytracker.com/id/1039418"}, {"name": "100982", "tags": ["vdb-entry", "x_refsource_BID", "x_transferred"], "url": "http://www.securityfocus.com/bid/100982"}, {"tags": ["x_refsource_CONFIRM", "x_transferred"], "url": "http://seclists.org/fulldisclosure/2017/Sep/51"}, {"name": "1039417", "tags": ["vdb-entry", "x_refsource_SECTRACK", "x_transferred"], "url": "http://www.securitytracker.com/id/1039417"}]}]}, "cveMetadata": {"assignerOrgId": "c550e75a-17ff-4988-97f0-544cde3820fe", "assignerShortName": "dell", "cveId": "CVE-2017-8012", "datePublished": "2017-09-22T01:00:00", "dateReserved": "2017-04-21T00:00:00", "dateUpdated": "2024-08-05T16:19:29.486Z", "state": "PUBLISHED"}, "dataType": "CVE_RECORD", "dataVersion": "5.1"}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:dell:emc_m\\&r:*:*:*:*:*:*:*:*", "matchCriteriaId": "4257D51A-8593-43F5-9C39-1D0BA9DD2C0F", "vulnerable": true}, {"criteria": "cpe:2.3:a:dell:emc_storage_monitoring_and_reporting:*:*:*:*:*:*:*:*", "matchCriteriaId": "B368A32D-4310-476A-A012-67D9A77D4EC8", "vulnerable": true}, {"criteria": "cpe:2.3:a:dell:emc_vipr_srm:*:*:*:*:*:*:*:*", "matchCriteriaId": "15CDF8E3-4681-48E5-A0D3-CF40E301D23C", "versionEndIncluding": "4.0.2", "vulnerable": true}, {"criteria": "cpe:2.3:a:dell:emc_vnx_monitoring_and_reporting:*:*:*:*:*:*:*:*", "matchCriteriaId": "D7DC88D9-BBC4-47B7-83D4-6958FDD6FF55", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "cveTags": [], "descriptions": [{"lang": "en", "value": "In EMC ViPR SRM, Storage M&R, VNX M&R, and M&R (Watch4Net) for SAS Solution Packs, the Java Management Extensions (JMX) protocol used to communicate between components in the Alerting and/or Compliance components can be leveraged to create a denial of service (DoS) condition. Attackers with knowledge of JMX agent user credentials could potentially exploit this vulnerability to create arbitrary files on the affected system and create a DoS condition by leveraging inherent JMX protocol capabilities."}, {"lang": "es", "value": "En EMC ViPR SRM, Storage MR, VNX MR y MR (Watch4Net) para SAS Solution Packs, el protocolo Java Management Extensions (JMX) empleado para la comunicaci\u00f3n entre componentes los componentes Alerting o Compliance puede aprovecharse para provocar una condici\u00f3n de denegaci\u00f3n de servicio. Los atacantes que conozcan las credenciales de usuario del agente JMX podr\u00edan explotar esta vulnerabilidad para crear archivos arbitrarios en el sistema afectado y crear una condici\u00f3n de denegaci\u00f3n de servicio mediante el aprovechamiento de las capacidades inherentes del protocolo JMX."}], "id": "CVE-2017-8012", "lastModified": "2021-09-13T12:07:25.187", "metrics": {"cvssMetricV2": [{"acInsufInfo": false, "baseSeverity": "MEDIUM", "cvssData": {"accessComplexity": "MEDIUM", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "PARTIAL", "baseScore": 5.8, "confidentialityImpact": "NONE", "integrityImpact": "PARTIAL", "vectorString": "AV:N/AC:M/Au:N/C:N/I:P/A:P", "version": "2.0"}, "exploitabilityScore": 8.6, "impactScore": 4.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false}], "cvssMetricV31": [{"cvssData": {"attackComplexity": "HIGH", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 7.4, "baseSeverity": "HIGH", "confidentialityImpact": "NONE", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:H", "version": "3.1"}, "exploitabilityScore": 2.2, "impactScore": 5.2, "source": "nvd@nist.gov", "type": "Primary"}]}, "published": "2017-09-22T01:29:25.500", "references": [{"source": "security_alert@emc.com", "tags": ["Mailing List", "Third Party Advisory"], "url": "http://seclists.org/fulldisclosure/2017/Sep/51"}, {"source": "security_alert@emc.com", "tags": ["Third Party Advisory", "VDB Entry"], "url": "http://www.securityfocus.com/bid/100982"}, {"source": "security_alert@emc.com", "tags": ["Third Party Advisory", "VDB Entry"], "url": "http://www.securitytracker.com/id/1039417"}, {"source": "security_alert@emc.com", "tags": ["Third Party Advisory", "VDB Entry"], "url": "http://www.securitytracker.com/id/1039418"}], "sourceIdentifier": "security_alert@emc.com", "vulnStatus": "Analyzed", "weaknesses": [{"description": [{"lang": "en", "value": "NVD-CWE-noinfo"}], "source": "nvd@nist.gov", "type": "Primary"}]}