PT-2017-16248 · Emc · Emc Vnx1+2

Published

2017-06-19

Updated

2017-06-29

CVE-2017-4987

CVSS v2.0

4.4

Medium

Vector

AV:L/AC:M/Au:N/C:P/I:P/A:P

Name of the Vulnerable Software and Affected Versions EMC VNX2 versions prior to 8.1.9.211 EMC VNX1 versions prior to 7.1.80.8

Description A local authenticated user can load a maliciously crafted file in the search path, potentially allowing the attacker to execute arbitrary code on the targeted VNX Control Station system. This is due to an uncontrolled search path issue.

Recommendations For EMC VNX2 versions prior to 8.1.9.211, update to version 8.1.9.211 or later to resolve the issue. For EMC VNX1 versions prior to 7.1.80.8, update to version 7.1.80.8 or later to resolve the issue.

Fix

Uncontrolled Search Path Element

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-427

Related Identifiers

CVE-2017-4987

Affected Products

Emc Vnx1

Emc Vnx2

Vnx Control Station

PT-2017-16248 · Emc · Emc Vnx1+2

CVE-2017-4987

Weakness Enumeration

Related Identifiers

Affected Products

References · 3