CVE-2017-8012

moderate-risk

Published 2017-09-22

In EMC ViPR SRM, Storage M&R, VNX M&R, and M&R (Watch4Net) for SAS Solution Packs, the Java Management Extensions (JMX) protocol used to communicate between components in the Alerting and/or Compliance components can be leveraged to create a denial of service (DoS) condition. Attackers with knowledge of JMX agent user credentials could potentially exploit this vulnerability to create arbitrary files on the affected system and create a DoS condition by leveraging inherent JMX protocol capabilities.

Do I need to act?

0.69% chance of exploitation

EPSS score — low exploit probability

Not on CISA KEV list

No confirmed active exploitation reported to CISA

Patch status unknown

Check vendor advisories for fix availability and mitigation guidance

CVSS 7.4/10 High

NETWORK / HIGH complexity

Affected Products (4)

Emc M\&R

Emc Storage Monitoring And Reporting

Emc Vnx Monitoring And Reporting

Emc Vipr Srm

Affected Vendors

Dell

References (8)

Mailing List http://seclists.org/fulldisclosure/2017/Sep/51

Third Party Advisory http://www.securityfocus.com/bid/100982

Third Party Advisory http://www.securitytracker.com/id/1039417

Third Party Advisory http://www.securitytracker.com/id/1039418

Mailing List http://seclists.org/fulldisclosure/2017/Sep/51

Third Party Advisory http://www.securityfocus.com/bid/100982

Third Party Advisory http://www.securitytracker.com/id/1039417

Third Party Advisory http://www.securitytracker.com/id/1039418

/ 100

moderate-risk

Severity 22/34 · High

Exploitability 2/34 · Minimal

Exposure 10/34 · Low