CVE-2017-4987

Опубликовано: 19 июн. 2017

Источник: nvd

CVSS3: 7.3

CVSS2: 4.4

EPSS Низкий

Описание

In EMC VNX2 versions prior to OE for File 8.1.9.211 and VNX1 versions prior to OE for File 7.1.80.8, a local authenticated user can load a maliciously crafted file in the search path which may potentially allow the attacker to execute arbitrary code on the targeted VNX Control Station system, aka an uncontrolled search path vulnerability.

Ссылки

http://www.securityfocus.com/archive/1/540738/30/0/threaded
Third Party Advisory
VDB Entry
http://www.securityfocus.com/bid/99045
Third Party Advisory
VDB Entry
http://www.securityfocus.com/archive/1/540738/30/0/threaded
Third Party Advisory
VDB Entry
http://www.securityfocus.com/bid/99045
Third Party Advisory
VDB Entry

Уязвимые конфигурации

Конфигурация 1

Одновременно

cpe:2.3:o:emc:vnx2_firmware:-:*:*:*:*:*:*:*

cpe:2.3:h:emc:vnx2:-:*:*:*:*:*:*:*

Конфигурация 2

Одновременно

cpe:2.3:o:emc:vnx1_firmware:-:*:*:*:*:*:*:*

cpe:2.3:h:emc:vnx1:-:*:*:*:*:*:*:*

EPSS

Процентиль: 22%

0.00072

Низкий

7.3 High

CVSS3

4.4 Medium

CVSS2

Дефекты

CWE-427

Связанные уязвимости

GHSA-x4f6-cxp5-xx88