PT-2017-16246 · Emc · Emc Vnx1+2

Published

2017-06-19

Updated

2019-10-03

CVE-2017-4985

CVSS v2.0

7.2

High

Vector

AV:L/AC:L/Au:N/C:C/I:C/A:C

Name of the Vulnerable Software and Affected Versions EMC VNX2 versions prior to 8.1.9.211 EMC VNX1 versions prior to 7.1.80.8

Description A local authenticated user may potentially escalate their privileges to root due to authorization checks not being performed on certain perl scripts. This may potentially be exploited by an attacker to run arbitrary commands as root on the targeted VNX Control Station system.

Recommendations For EMC VNX2 versions prior to 8.1.9.211, update to version 8.1.9.211 or later to resolve the issue. For EMC VNX1 versions prior to 7.1.80.8, update to version 7.1.80.8 or later to resolve the issue.

Fix

Missing Authorization

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-862

Related Identifiers

CVE-2017-4985

Affected Products

Emc Vnx1

Emc Vnx2

Vnx Control Station

PT-2017-16246 · Emc · Emc Vnx1+2

CVE-2017-4985

Weakness Enumeration

Related Identifiers

Affected Products

References · 3