Логотип exploitDog
Консоль
Логотип exploitDog

exploitDog

nvd логотип

CVE-2016-0917

Опубликовано: 21 сент. 2016
Источник: nvd
CVSS3: 9.8
CVSS2: 7.5
EPSS Низкий

Описание

The SMB service in EMC VNXe (VNXe3200 Operating Environment prior to 3.1.5.8711957 and VNXe3100/3150/3300 Operating Environment prior to 2.4.4.22638), VNX1 File OE before 7.1.80.3, VNX2 File OE before 8.1.9.155, and Celerra (all supported versions) does not prevent duplicate NTLM challenge-response nonces, which makes it easier for remote attackers to execute arbitrary code, or read or write to files, via a series of authentication requests, a related issue to CVE-2010-0231.

Ссылки

Уязвимые конфигурации

Конфигурация 1

Одновременно

Одно из

cpe:2.3:a:emc:vnx1_oe_firmware:-:*:*:*:*:*:*:*
cpe:2.3:a:emc:vnx2_oe_firmware:-:*:*:*:*:*:*:*
cpe:2.3:a:emc:vnxe_oe_firmware:-:*:*:*:*:*:*:*

Одно из

cpe:2.3:h:emc:vnx5200:-:*:*:*:*:*:*:*
cpe:2.3:h:emc:vnx5400:-:*:*:*:*:*:*:*
cpe:2.3:h:emc:vnx5600:-:*:*:*:*:*:*:*
cpe:2.3:h:emc:vnx5800:-:*:*:*:*:*:*:*
cpe:2.3:h:emc:vnxe1600:-:*:*:*:*:*:*:*
cpe:2.3:h:emc:vnxe3100:-:*:*:*:*:*:*:*
cpe:2.3:h:emc:vnxe3150:-:*:*:*:*:*:*:*
cpe:2.3:h:emc:vnxe3200:-:*:*:*:*:*:*:*
cpe:2.3:h:emc:vnxe3200_hybrid:-:*:*:*:*:*:*:*
cpe:2.3:h:emc:vnxe3300:-:*:*:*:*:*:*:*

EPSS

Процентиль: 88%
0.04134
Низкий

9.8 Critical

CVSS3

7.5 High

CVSS2

Дефекты

CWE-264

Связанные уязвимости

github логотип

GHSA-8g56-72qr-4pmv

CVSS3: 9.8
github
больше 3 лет назад

The SMB service in EMC VNXe (VNXe3200 Operating Environment prior to 3.1.5.8711957 and VNXe3100/3150/3300 Operating Environment prior to 2.4.4.22638), VNX1 File OE before 7.1.80.3, VNX2 File OE before 8.1.9.155, and Celerra (all supported versions) does not prevent duplicate NTLM challenge-response nonces, which makes it easier for remote attackers to execute arbitrary code, or read or write to files, via a series of authentication requests, a related issue to CVE-2010-0231.

EPSS

Процентиль: 88%
0.04134
Низкий

9.8 Critical

CVSS3

7.5 High

CVSS2

Дефекты

CWE-264