7.8

CVE-2017-4985

EPSS 0.04%
Veröffentlicht 19.06.2017 12:29:00
Zuletzt bearbeitet 20.04.2025 01:37:25
Quelle security_alert@emc.com
Teams Watchlist Login
Unerledigt Login

In EMC VNX2 versions prior to OE for File 8.1.9.211 and VNX1 versions prior to OE for File 7.1.80.8, a local authenticated user may potentially escalate their privileges to root due to authorization checks not being performed on certain perl scripts. This may potentially be exploited by an attacker to run arbitrary commands as root on the targeted VNX Control Station system.

Betroffene Produkte Warnungen 0 Metriken 3 CWE 1 Referenzen 5

Daten sind bereitgestellt durch National Vulnerability Database (NVD)

Emc ≫ Vnx2 Firmware Version-

Emc ≫ Vnx2 Version-

Emc ≫ Vnx1 Firmware Version-

Emc ≫ Vnx1 Version-

Zu dieser CVE wurde keine CISA KEV oder CERT.AT-Warnung gefunden.

EPSS Metriken
Typ	Quelle	Score	Percentile
EPSS	FIRST.org	0.04%	0.081

CVSS Metriken
Quelle	Base Score	Exploit Score	Impact Score	Vector String
nvd@nist.gov	7.8	1.8	5.9	CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
nvd@nist.gov	7.2	3.9	10	AV:L/AC:L/Au:N/C:C/I:C/A:C

CWE-862 Missing Authorization

The product does not perform an authorization check when an actor attempts to access a resource or perform an action.

http://www.securityfocus.com/archive/1/540738/30/0/threaded

Third Party Advisory

VDB Entry

http://www.securityfocus.com/bid/99037

Third Party Advisory

VDB Entry

https://nvd.nist.gov/vuln/detail/CVE-2017-4985

CVE Source (NVD)

https://cveawg.mitre.org/api/cve/CVE-2017-4985

CVE Source (JSON)

https://euvd.enisa.europa.eu/vulnerability/CVE-2017-4985

EUVD