PT-2017-2638 · Emc · Emc Vnx2+2

Published 2017-06-19 · Updated 2017-06-29 · CVE-2017-4984

CVSS v2.0: 10 (High)

Vector: AV:N/AC:L/Au:N/C:C/I:C/A:C

Name of the Vulnerable Software and Affected Versions

EMC VNX2 versions prior to 8.1.9.211
EMC VNX1 versions prior to 7.1.80.8

Description

The issue is related to a lack of input sanitization, which may allow an unauthenticated remote attacker to elevate their permissions to root through a command injection, potentially leading to remote code execution. This could enable an attacker to run arbitrary code with root-level privileges on the targeted VNX Control Station system.

Recommendations

For EMC VNX2 versions prior to 8.1.9.211, update to version 8.1.9.211 or later to resolve the issue.
For EMC VNX1 versions prior to 7.1.80.8, update to version 7.1.80.8 or later to resolve the issue.
As a temporary workaround, consider restricting access to the VNX Control Station system to minimize the risk of exploitation.

Fix

Command Injection

Weakness Enumeration

Related Identifiers

BDU:2017-01865
CVE-2017-4984

Affected Products

Emc Vnx1
Emc Vnx2
Vnx Control Station