CVE-2017-4987

EPSS 0.07%
Published 19.06.2017 12:29:00
Last modified 20.04.2025 01:37:25
Source security_alert@emc.com
Teams watchlist Login
Open Login

In EMC VNX2 versions prior to OE for File 8.1.9.211 and VNX1 versions prior to OE for File 7.1.80.8, a local authenticated user can load a maliciously crafted file in the search path which may potentially allow the attacker to execute arbitrary code on the targeted VNX Control Station system, aka an uncontrolled search path vulnerability.

Affected products Warnungen 0 Metrics 3 CWE 1 References 5

Data is provided by the National Vulnerability Database (NVD)

Emc ≫ Vnx2 Firmware Version-

Emc ≫ Vnx2 Version-

Emc ≫ Vnx1 Firmware Version-

Emc ≫ Vnx1 Version-

Zu dieser CVE wurde keine CISA KEV oder CERT.AT-Warnung gefunden.

EPSS Metriken
Type	Source	Score	Percentile
EPSS	FIRST.org	0.07%	0.223

CVSS Metriken
Source	Base Score	Exploit Score	Impact Score	Vector string
nvd@nist.gov	7.3	1.3	5.9	CVSS:3.0/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H
nvd@nist.gov	4.4	3.4	6.4	AV:L/AC:M/Au:N/C:P/I:P/A:P

CWE-427 Uncontrolled Search Path Element

The product uses a fixed or controlled search path to find resources, but one or more locations in that path can be under the control of unintended actors.

http://www.securityfocus.com/archive/1/540738/30/0/threaded

Third Party Advisory

VDB Entry

http://www.securityfocus.com/bid/99045

Third Party Advisory

VDB Entry

https://nvd.nist.gov/vuln/detail/CVE-2017-4987

CVE Source (NVD)

https://cveawg.mitre.org/api/cve/CVE-2017-4987

CVE Source (JSON)

https://euvd.enisa.europa.eu/vulnerability/CVE-2017-4987

EUVD