CVE-2017-4984 — CRITICAL (9.8)

Vulnerability Description

In EMC VNX2 versions prior to OE for File 8.1.9.211 and VNX1 versions prior to OE for File 7.1.80.8, an unauthenticated remote attacker may be able to elevate their permissions to root through a command injection. This may potentially be exploited by an attacker to run arbitrary code with root-level privileges on the targeted VNX Control Station system, aka remote code execution.

CVSS Score

9.8

CRITICAL

CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality

HIGH

Integrity

HIGH

Availability

HIGH

Affected Products

Vendor	Product	Versions
Emc	Vnx2 Firmware	-
Emc	Vnx2	-
Emc	Vnx1 Firmware	-
Emc	Vnx1	-

Related Weaknesses (CWE)

CWE-77

References

http://www.securityfocus.com/archive/1/540738/30/0/threadedThird Party AdvisoryVDB Entry
http://www.securityfocus.com/bid/99039Third Party AdvisoryVDB Entry
http://www.securityfocus.com/archive/1/540738/30/0/threadedThird Party AdvisoryVDB Entry
http://www.securityfocus.com/bid/99039Third Party AdvisoryVDB Entry

FAQ

What is CVE-2017-4984?

CVE-2017-4984 is a vulnerability with a CVSS score of 9.8 (CRITICAL). In EMC VNX2 versions prior to OE for File 8.1.9.211 and VNX1 versions prior to OE for File 7.1.80.8, an unauthenticated remote attacker may be able to elevate their permissions to root through a comma...

How severe is CVE-2017-4984?

CVE-2017-4984 has been rated CRITICAL with a CVSS base score of 9.8/10. This is considered a critical vulnerability requiring immediate attention.

Is there a patch for CVE-2017-4984?

Check the references section above for vendor advisories and patch information. Affected products include: Emc Vnx2 Firmware, Emc Vnx2, Emc Vnx1 Firmware, Emc Vnx1.