CVE-2017-4997
EMC VMAX3 VASA Provider UploadConfigurator Unrestricted File Upload Remote Code Execution Vulnerability
Severity Score
Exploit Likelihood
Affected Versions
Public Exploits
0Exploited in Wild
-Decision
Descriptions
EMC VASA Provider Virtual Appliance versions 8.3.x and prior has an unauthenticated remote code execution vulnerability that could potentially be exploited by malicious users to compromise the affected system.
Las versiones 8.3.x y anteriores de EMC VASA Provider Virtual Appliance contienen una vulnerabilidad de ejecución remota de código no autenticado que podría ser explotada por usuarios maliciosos con el fin de comprometer el sistema afectado.
This vulnerability allows remote attackers to create arbitrary files on vulnerable installations of EMC VMAX3 VASA Provider. Authentication is not required to exploit this vulnerability.
The specific flaw exists within the UploadConfigurator servlet, which listens on TCP port 5480 by default. The issue results from the web service serving files that have been uploaded by a user. An attacker can leverage this vulnerability to execute arbitrary code under the context of root.
CVSS Scores
SSVC
- Decision:-
Timeline
- 2016-12-29 CVE Reserved
- 2017-06-29 CVE Published
- 2024-08-05 CVE Updated
- 2024-08-21 EPSS Updated
- ---------- Exploited in Wild
- ---------- KEV Due Date
- ---------- First Exploit
CWE
- CWE-20: Improper Input Validation
CAPEC
References (2)
URL | Tag | Source |
---|---|---|
http://www.securityfocus.com/archive/1/540783/30/0/threaded | Third Party Advisory | |
http://www.securityfocus.com/bid/99169 | Third Party Advisory |
URL | Date | SRC |
---|
URL | Date | SRC |
---|
URL | Date | SRC |
---|
Affected Vendors, Products, and Versions
Vendor | Product | Version | Other | Status | ||||||
---|---|---|---|---|---|---|---|---|---|---|
Vendor | Product | Version | Other | Status | <-- --> | Vendor | Product | Version | Other | Status |
Dell Search vendor "Dell" | Emc Vasa Provider Virtual Appliance Search vendor "Dell" for product "Emc Vasa Provider Virtual Appliance" | <= 8.3.0 Search vendor "Dell" for product "Emc Vasa Provider Virtual Appliance" and version " <= 8.3.0" | - |
Affected
|