CVE-2017-4987 — HIGH (7.3) — White Hats Nepal

Vulnerability Description

In EMC VNX2 versions prior to OE for File 8.1.9.211 and VNX1 versions prior to OE for File 7.1.80.8, a local authenticated user can load a maliciously crafted file in the search path which may potentially allow the attacker to execute arbitrary code on the targeted VNX Control Station system, aka an uncontrolled search path vulnerability.

CVSS Score

7.3

HIGH

CVSS:3.0/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H

Attack Vector

LOCAL

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

REQUIRED

Scope

UNCHANGED

Confidentiality

HIGH

Integrity

HIGH

Availability

HIGH

Affected Products

Vendor	Product	Versions
Emc	Vnx2 Firmware	-
Emc	Vnx2	-
Emc	Vnx1 Firmware	-
Emc	Vnx1	-

Related Weaknesses (CWE)

CWE-427

References

http://www.securityfocus.com/archive/1/540738/30/0/threadedThird Party AdvisoryVDB Entry
http://www.securityfocus.com/bid/99045Third Party AdvisoryVDB Entry
http://www.securityfocus.com/archive/1/540738/30/0/threadedThird Party AdvisoryVDB Entry
http://www.securityfocus.com/bid/99045Third Party AdvisoryVDB Entry

FAQ

What is CVE-2017-4987?

CVE-2017-4987 is a vulnerability with a CVSS score of 7.3 (HIGH). In EMC VNX2 versions prior to OE for File 8.1.9.211 and VNX1 versions prior to OE for File 7.1.80.8, a local authenticated user can load a maliciously crafted file in the search path which may potenti...

How severe is CVE-2017-4987?

CVE-2017-4987 has been rated HIGH with a CVSS base score of 7.3/10. Review the CVSS metrics above for detailed severity breakdown.

Is there a patch for CVE-2017-4987?

Check the references section above for vendor advisories and patch information. Affected products include: Emc Vnx2 Firmware, Emc Vnx2, Emc Vnx1 Firmware, Emc Vnx1.