CVE-2017-4984
moderate-risk
Published 2017-06-19
In EMC VNX2 versions prior to OE for File 8.1.9.211 and VNX1 versions prior to OE for File 7.1.80.8, an unauthenticated remote attacker may be able to elevate their permissions to root through a command injection. This may potentially be exploited by an attacker to run arbitrary code with root-level privileges on the targeted VNX Control Station system, aka remote code execution.
Do I need to act?
~
3.5% chance of exploitation in next 30 days
EPSS score — moderate exploit probability
-
Not on CISA KEV list
No confirmed active exploitation reported to CISA
?
Patch status unknown
Check vendor advisories for fix availability and mitigation guidance
9
CVSS 9.8/10
Critical
NETWORK
/ LOW complexity
Affected Products (2)
Vnx2 Firmware
Vnx1 Firmware
Affected Vendors
References (4)
Third Party Advisory
http://www.securityfocus.com/archive/1/540738/30/0/threaded
Third Party Advisory
http://www.securityfocus.com/bid/99039
Third Party Advisory
http://www.securityfocus.com/archive/1/540738/30/0/threaded
Third Party Advisory
http://www.securityfocus.com/bid/99039
46
/ 100
moderate-risk
Severity
32/34 · Critical
Exploitability
7/34 · Low
Exposure
7/34 · Low