CVE-2017-4984

Name of the Vulnerable Software and Affected Versions EMC VNX2 versions prior to 8.1.9.211 EMC VNX1 versions prior to 7.1.80.8

Description The issue is related to a lack of input sanitization, which may allow an unauthenticated remote attacker to elevate their permissions to root through a command injection, potentially leading to remote code execution. This could enable an attacker to run arbitrary code with root-level privileges on the targeted VNX Control Station system.

Recommendations For EMC VNX2 versions prior to 8.1.9.211, update to version 8.1.9.211 or later to resolve the issue. For EMC VNX1 versions prior to 7.1.80.8, update to version 7.1.80.8 or later to resolve the issue. As a temporary workaround, consider restricting access to the VNX Control Station system to minimize the risk of exploitation.