// For flags

CVE-2017-4985

 

Severity Score

7.8
*CVSS v3

Exploit Likelihood

*EPSS

Affected Versions

*CPE

Public Exploits

0
*Multiple Sources

Exploited in Wild

-
*KEV

Decision

-
*SSVC
Descriptions

In EMC VNX2 versions prior to OE for File 8.1.9.211 and VNX1 versions prior to OE for File 7.1.80.8, a local authenticated user may potentially escalate their privileges to root due to authorization checks not being performed on certain perl scripts. This may potentially be exploited by an attacker to run arbitrary commands as root on the targeted VNX Control Station system.

En EMC VNX2 en versiones anteriores a OE for File 8.1.9.211 y VNX1 en versiones anteriores a OE for File 7.1.80.8, un usuario local autenticado podría escalar sus privilegios a root debido a que no se realizan comprobaciones de autorización en ciertos scripts de perl. Esto podría ser explotado por un atacante para ejecutar comandos arbitrarios como root en el sistema VNX Control Station objetivo.

*Credits: N/A
CVSS Scores
Attack Vector
Local
Attack Complexity
Low
Privileges Required
Low
User Interaction
None
Scope
Unchanged
Confidentiality
High
Integrity
High
Availability
High
Attack Vector
Local
Attack Complexity
Low
Authentication
None
Confidentiality
Complete
Integrity
Complete
Availability
Complete
* Common Vulnerability Scoring System
SSVC
  • Decision:-
Exploitation
-
Automatable
-
Tech. Impact
-
* Organization's Worst-case Scenario
Timeline
  • 2016-12-29 CVE Reserved
  • 2017-06-16 CVE Published
  • 2023-03-08 EPSS Updated
  • 2024-08-05 CVE Updated
  • ---------- Exploited in Wild
  • ---------- KEV Due Date
  • ---------- First Exploit
CWE
  • CWE-862: Missing Authorization
CAPEC
References (2)
URL Tag Source
http://www.securityfocus.com/archive/1/540738/30/0/threaded Third Party Advisory
http://www.securityfocus.com/bid/99037 Third Party Advisory
URL Date SRC
URL Date SRC
URL Date SRC
Affected Vendors, Products, and Versions
Vendor Product Version Other Status
Vendor Product Version Other Status <-- --> Vendor Product Version Other Status
Emc
Search vendor "Emc"
 Vnx2 Firmware
Search vendor "Emc" for product "Vnx2 Firmware"
--
Affected
in Emc
Search vendor "Emc"
 Vnx2
Search vendor "Emc" for product "Vnx2"
--
Safe
Emc
Search vendor "Emc"
 Vnx1 Firmware
Search vendor "Emc" for product "Vnx1 Firmware"
--
Affected
in Emc
Search vendor "Emc"
 Vnx1
Search vendor "Emc" for product "Vnx1"
--
Safe