CVE-2017-8019 - OpenCVE

An issue was discovered in EMC ScaleIO 2.0.1.x. A vulnerability in message parsers (MDM, SDS, and LIA) could potentially allow an unauthenticated remote attacker to send specifically crafted packets to stop ScaleIO services and cause a denial of service situation.

No CVSS v4.0

No CVSS v3.1

Attack Vector Network

Attack Complexity Low

Privileges Required None

Scope Unchanged

Confidentiality Impact None

Integrity Impact None

Availability Impact High

User Interaction None

Access Vector Network

Access Complexity Low

Authentication None

Confidentiality Impact None

Integrity Impact None

Availability Impact Partial

AV:N/AC:L/Au:N/C:N/I:N/A:P

This CVE is not in the KEV list.

Key SSVC decision points have not yet been added.

Vendors	Products
Emc	Scaleio

Configuration 1 [-]

OR	cpe:2.3:a:emc:scaleio:2.0.1.0:::::::*
	cpe:2.3:a:emc:scaleio:2.0.1.1:::::::*
	cpe:2.3:a:emc:scaleio:2.0.1.2:::::::*
	cpe:2.3:a:emc:scaleio:2.0.1.3:::::::*

No data.

References

Link	Providers
http://seclists.org/fulldisclosure/2017/Nov/35
http://www.securityfocus.com/bid/101991

History

No history.

MITRE

Status: PUBLISHED

Assigner: dell

Published: 2017-11-28T07:00:00

Updated: 2024-08-05T16:19:29.717Z

Reserved: 2017-04-21T00:00:00

Link: CVE-2017-8019

Vulnrichment

No data.

NVD

Status : Analyzed

Published: 2017-11-28T07:29:00.367

Modified: 2017-12-15T17:21:48.937

Link: CVE-2017-8019

Redhat

No data.

{"containers": {"cna": {"affected": [{"product": "EMC ScaleIO EMC ScaleIO 2.0.1.x version family (2.0.1.3, 2.0.1.2, 2.0.1.1, 2.0.1)", "vendor": "n/a", "versions": [{"status": "affected", "version": "EMC ScaleIO EMC ScaleIO 2.0.1.x version family (2.0.1.3, 2.0.1.2, 2.0.1.1, 2.0.1)"}]}], "datePublic": "2017-11-28T00:00:00", "descriptions": [{"lang": "en", "value": "An issue was discovered in EMC ScaleIO 2.0.1.x. A vulnerability in message parsers (MDM, SDS, and LIA) could potentially allow an unauthenticated remote attacker to send specifically crafted packets to stop ScaleIO services and cause a denial of service situation."}], "problemTypes": [{"descriptions": [{"description": "Denial of Service", "lang": "en", "type": "text"}]}], "providerMetadata": {"dateUpdated": "2017-12-01T10:57:01", "orgId": "c550e75a-17ff-4988-97f0-544cde3820fe", "shortName": "dell"}, "references": [{"name": "101991", "tags": ["vdb-entry", "x_refsource_BID"], "url": "http://www.securityfocus.com/bid/101991"}, {"tags": ["x_refsource_CONFIRM"], "url": "http://seclists.org/fulldisclosure/2017/Nov/35"}], "x_legacyV4Record": {"CVE_data_meta": {"ASSIGNER": "security_alert@emc.com", "ID": "CVE-2017-8019", "STATE": "PUBLIC"}, "affects": {"vendor": {"vendor_data": [{"product": {"product_data": [{"product_name": "EMC ScaleIO EMC ScaleIO 2.0.1.x version family (2.0.1.3, 2.0.1.2, 2.0.1.1, 2.0.1)", "version": {"version_data": [{"version_value": "EMC ScaleIO EMC ScaleIO 2.0.1.x version family (2.0.1.3, 2.0.1.2, 2.0.1.1, 2.0.1)"}]}}]}, "vendor_name": "n/a"}]}}, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": {"description_data": [{"lang": "eng", "value": "An issue was discovered in EMC ScaleIO 2.0.1.x. A vulnerability in message parsers (MDM, SDS, and LIA) could potentially allow an unauthenticated remote attacker to send specifically crafted packets to stop ScaleIO services and cause a denial of service situation."}]}, "problemtype": {"problemtype_data": [{"description": [{"lang": "eng", "value": "Denial of Service"}]}]}, "references": {"reference_data": [{"name": "101991", "refsource": "BID", "url": "http://www.securityfocus.com/bid/101991"}, {"name": "http://seclists.org/fulldisclosure/2017/Nov/35", "refsource": "CONFIRM", "url": "http://seclists.org/fulldisclosure/2017/Nov/35"}]}}}, "adp": [{"providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-05T16:19:29.717Z"}, "title": "CVE Program Container", "references": [{"name": "101991", "tags": ["vdb-entry", "x_refsource_BID", "x_transferred"], "url": "http://www.securityfocus.com/bid/101991"}, {"tags": ["x_refsource_CONFIRM", "x_transferred"], "url": "http://seclists.org/fulldisclosure/2017/Nov/35"}]}]}, "cveMetadata": {"assignerOrgId": "c550e75a-17ff-4988-97f0-544cde3820fe", "assignerShortName": "dell", "cveId": "CVE-2017-8019", "datePublished": "2017-11-28T07:00:00", "dateReserved": "2017-04-21T00:00:00", "dateUpdated": "2024-08-05T16:19:29.717Z", "state": "PUBLISHED"}, "dataType": "CVE_RECORD", "dataVersion": "5.1"}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:emc:scaleio:2.0.1.0:*:*:*:*:*:*:*", "matchCriteriaId": "73E578EC-E7F8-4E4E-98ED-AD1F000DF8B3", "vulnerable": true}, {"criteria": "cpe:2.3:a:emc:scaleio:2.0.1.1:*:*:*:*:*:*:*", "matchCriteriaId": "C514B774-4EC0-42EE-8421-970C85CF398C", "vulnerable": true}, {"criteria": "cpe:2.3:a:emc:scaleio:2.0.1.2:*:*:*:*:*:*:*", "matchCriteriaId": "70C41DD1-C7DE-4BC3-8184-DC1DFDCFEE2E", "vulnerable": true}, {"criteria": "cpe:2.3:a:emc:scaleio:2.0.1.3:*:*:*:*:*:*:*", "matchCriteriaId": "B1B7D777-73FB-427C-8D0F-E1D81A55D015", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "cveTags": [], "descriptions": [{"lang": "en", "value": "An issue was discovered in EMC ScaleIO 2.0.1.x. A vulnerability in message parsers (MDM, SDS, and LIA) could potentially allow an unauthenticated remote attacker to send specifically crafted packets to stop ScaleIO services and cause a denial of service situation."}, {"lang": "es", "value": "Se ha descubierto un problema en EMC ScaleIO 2.0.1.x. Una vulnerabilidad en los analizadores sint\u00e1cticos de mensajes (MDM, SDS y LIA) podr\u00eda permitir que un atacante remoto no autenticado env\u00ede paquetes especialmente manipulados para detener los servicios de ScaleIO y provocar una situaci\u00f3n de denegaci\u00f3n de servicio (DoS)."}], "id": "CVE-2017-8019", "lastModified": "2017-12-15T17:21:48.937", "metrics": {"cvssMetricV2": [{"acInsufInfo": false, "baseSeverity": "MEDIUM", "cvssData": {"accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "PARTIAL", "baseScore": 5.0, "confidentialityImpact": "NONE", "integrityImpact": "NONE", "vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:P", "version": "2.0"}, "exploitabilityScore": 10.0, "impactScore": 2.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false}], "cvssMetricV30": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 7.5, "baseSeverity": "HIGH", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "version": "3.0"}, "exploitabilityScore": 3.9, "impactScore": 3.6, "source": "nvd@nist.gov", "type": "Primary"}]}, "published": "2017-11-28T07:29:00.367", "references": [{"source": "security_alert@emc.com", "tags": ["Mailing List", "Third Party Advisory"], "url": "http://seclists.org/fulldisclosure/2017/Nov/35"}, {"source": "security_alert@emc.com", "tags": ["Third Party Advisory", "VDB Entry"], "url": "http://www.securityfocus.com/bid/101991"}], "sourceIdentifier": "security_alert@emc.com", "vulnStatus": "Analyzed", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-20"}], "source": "nvd@nist.gov", "type": "Primary"}]}