7.8

CVE-2017-4985

EPSS 0.04%
Published 19.06.2017 12:29:00
Last modified 20.04.2025 01:37:25
Source security_alert@emc.com
Teams watchlist Login
Open Login

In EMC VNX2 versions prior to OE for File 8.1.9.211 and VNX1 versions prior to OE for File 7.1.80.8, a local authenticated user may potentially escalate their privileges to root due to authorization checks not being performed on certain perl scripts. This may potentially be exploited by an attacker to run arbitrary commands as root on the targeted VNX Control Station system.

Affected products Warnungen 0 Metrics 3 CWE 1 References 5

Data is provided by the National Vulnerability Database (NVD)

Emc ≫ Vnx2 Firmware Version-

Emc ≫ Vnx2 Version-

Emc ≫ Vnx1 Firmware Version-

Emc ≫ Vnx1 Version-

Zu dieser CVE wurde keine CISA KEV oder CERT.AT-Warnung gefunden.

EPSS Metriken
Type	Source	Score	Percentile
EPSS	FIRST.org	0.04%	0.081

CVSS Metriken
Source	Base Score	Exploit Score	Impact Score	Vector string
nvd@nist.gov	7.8	1.8	5.9	CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
nvd@nist.gov	7.2	3.9	10	AV:L/AC:L/Au:N/C:C/I:C/A:C

CWE-862 Missing Authorization

The product does not perform an authorization check when an actor attempts to access a resource or perform an action.

http://www.securityfocus.com/archive/1/540738/30/0/threaded

Third Party Advisory

VDB Entry

http://www.securityfocus.com/bid/99037

Third Party Advisory

VDB Entry

https://nvd.nist.gov/vuln/detail/CVE-2017-4985

CVE Source (NVD)

https://cveawg.mitre.org/api/cve/CVE-2017-4985

CVE Source (JSON)

https://euvd.enisa.europa.eu/vulnerability/CVE-2017-4985

EUVD