PT-2017-16246 · Emc · Emc Vnx1+2

Publicado

2017-06-19

Atualizado

2019-10-03

CVE-2017-4985

CVSS v2.0

7.2

Alta

Vetor

AV:L/AC:L/Au:N/C:C/I:C/A:C

Name of the Vulnerable Software and Affected Versions EMC VNX2 versions prior to 8.1.9.211 EMC VNX1 versions prior to 7.1.80.8

Description A local authenticated user may potentially escalate their privileges to root due to authorization checks not being performed on certain perl scripts. This may potentially be exploited by an attacker to run arbitrary commands as root on the targeted VNX Control Station system.

Recommendations For EMC VNX2 versions prior to 8.1.9.211, update to version 8.1.9.211 or later to resolve the issue. For EMC VNX1 versions prior to 7.1.80.8, update to version 7.1.80.8 or later to resolve the issue.

Correção

Missing Authorization

Encontrou algum problema na descrição? Tem algo a acrescentar? Fique à vontade para nos escrever 👾

dbugs@ptsecurity.com

Enumeração de Fraquezas

CWE-862

Identificadores relacionados

CVE-2017-4985

Produtos afetados

Emc Vnx1

Emc Vnx2

Vnx Control Station

PT-2017-16246 · Emc · Emc Vnx1+2

CVE-2017-4985

Enumeração de Fraquezas

Identificadores relacionados

Produtos afetados

Referências · 3