CVE-2017-4985 — HIGH (7.8) — White Hats Nepal

Vulnerability Description

In EMC VNX2 versions prior to OE for File 8.1.9.211 and VNX1 versions prior to OE for File 7.1.80.8, a local authenticated user may potentially escalate their privileges to root due to authorization checks not being performed on certain perl scripts. This may potentially be exploited by an attacker to run arbitrary commands as root on the targeted VNX Control Station system.

CVSS Score

7.8

HIGH

CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Attack Vector

LOCAL

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

NONE

Scope

UNCHANGED

Confidentiality

HIGH

Integrity

HIGH

Availability

HIGH

Affected Products

Vendor	Product	Versions
Emc	Vnx2 Firmware	-
Emc	Vnx2	-
Emc	Vnx1 Firmware	-
Emc	Vnx1	-

Related Weaknesses (CWE)

CWE-862

References

http://www.securityfocus.com/archive/1/540738/30/0/threadedThird Party AdvisoryVDB Entry
http://www.securityfocus.com/bid/99037Third Party AdvisoryVDB Entry
http://www.securityfocus.com/archive/1/540738/30/0/threadedThird Party AdvisoryVDB Entry
http://www.securityfocus.com/bid/99037Third Party AdvisoryVDB Entry

FAQ

What is CVE-2017-4985?

CVE-2017-4985 is a vulnerability with a CVSS score of 7.8 (HIGH). In EMC VNX2 versions prior to OE for File 8.1.9.211 and VNX1 versions prior to OE for File 7.1.80.8, a local authenticated user may potentially escalate their privileges to root due to authorization c...

How severe is CVE-2017-4985?

CVE-2017-4985 has been rated HIGH with a CVSS base score of 7.8/10. Review the CVSS metrics above for detailed severity breakdown.

Is there a patch for CVE-2017-4985?

Check the references section above for vendor advisories and patch information. Affected products include: Emc Vnx2 Firmware, Emc Vnx2, Emc Vnx1 Firmware, Emc Vnx1.