CVE-2017-4987

EPSS 0.07%
Veröffentlicht 19.06.2017 12:29:00
Zuletzt bearbeitet 20.04.2025 01:37:25
Quelle security_alert@emc.com
Teams Watchlist Login
Unerledigt Login

In EMC VNX2 versions prior to OE for File 8.1.9.211 and VNX1 versions prior to OE for File 7.1.80.8, a local authenticated user can load a maliciously crafted file in the search path which may potentially allow the attacker to execute arbitrary code on the targeted VNX Control Station system, aka an uncontrolled search path vulnerability.

Betroffene Produkte Warnungen 0 Metriken 3 CWE 1 Referenzen 5

Daten sind bereitgestellt durch National Vulnerability Database (NVD)

Emc ≫ Vnx2 Firmware Version-

Emc ≫ Vnx2 Version-

Emc ≫ Vnx1 Firmware Version-

Emc ≫ Vnx1 Version-

Zu dieser CVE wurde keine CISA KEV oder CERT.AT-Warnung gefunden.

EPSS Metriken
Typ	Quelle	Score	Percentile
EPSS	FIRST.org	0.07%	0.223

CVSS Metriken
Quelle	Base Score	Exploit Score	Impact Score	Vector String
nvd@nist.gov	7.3	1.3	5.9	CVSS:3.0/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H
nvd@nist.gov	4.4	3.4	6.4	AV:L/AC:M/Au:N/C:P/I:P/A:P

CWE-427 Uncontrolled Search Path Element

The product uses a fixed or controlled search path to find resources, but one or more locations in that path can be under the control of unintended actors.

http://www.securityfocus.com/archive/1/540738/30/0/threaded

Third Party Advisory

VDB Entry

http://www.securityfocus.com/bid/99045

Third Party Advisory

VDB Entry

https://nvd.nist.gov/vuln/detail/CVE-2017-4987

CVE Source (NVD)

https://cveawg.mitre.org/api/cve/CVE-2017-4987

CVE Source (JSON)

https://euvd.enisa.europa.eu/vulnerability/CVE-2017-4987

EUVD