Vulnerability Description
On the OSNEXUS QuantaStor v4 virtual appliance before 4.3.1, a flaw was found with the error message sent as a response for users that don't exist on the system. An attacker could leverage this information to fine-tune and enumerate valid accounts on the system by searching for common usernames.
CVSS Score
MEDIUM
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Osnexus | Quantastor | <= 4.3.0 |
Related Weaknesses (CWE)
References
- http://packetstormsecurity.com/files/143780/OSNEXUS-QuantaStor-4-Information-DisExploitThird Party AdvisoryVDB Entry
- http://seclists.org/fulldisclosure/2017/Aug/23ExploitMailing ListThird Party Advisory
- http://www.vvvsecurity.com/advisories/vvvsecurity-advisory-2017-6943.txtExploitThird Party AdvisoryURL Repurposed
- https://www.exploit-db.com/exploits/42517/ExploitThird Party AdvisoryVDB Entry
- http://packetstormsecurity.com/files/143780/OSNEXUS-QuantaStor-4-Information-DisExploitThird Party AdvisoryVDB Entry
- http://seclists.org/fulldisclosure/2017/Aug/23ExploitMailing ListThird Party Advisory
- http://www.vvvsecurity.com/advisories/vvvsecurity-advisory-2017-6943.txtExploitThird Party AdvisoryURL Repurposed
- https://www.exploit-db.com/exploits/42517/ExploitThird Party AdvisoryVDB Entry
FAQ
What is CVE-2017-9978?
CVE-2017-9978 is a vulnerability with a CVSS score of 5.3 (MEDIUM). On the OSNEXUS QuantaStor v4 virtual appliance before 4.3.1, a flaw was found with the error message sent as a response for users that don't exist on the system. An attacker could leverage this inform...
How severe is CVE-2017-9978?
CVE-2017-9978 has been rated MEDIUM with a CVSS base score of 5.3/10. Review the CVSS metrics above for detailed severity breakdown.
Is there a patch for CVE-2017-9978?
Check the references section above for vendor advisories and patch information. Affected products include: Osnexus Quantastor.