CVE-2017-4985
Last modified
CVE-2017-4985 is a vulnerability of currently unknown severity. In EMC VNX2 versions prior to OE for File 8.1.9.211 and VNX1 versions prior to OE for File 7.1.80.8, a local authenticated user may potentially escalate their privileges to root due to authorization checks not being performed on certain perl scripts. This may potentially be exploited by an attacker to run arbitrary commands as root on the targeted VNX Control Station system.. EPSS estimates a 0.31% chance of exploitation in the next 30 days.
Description
In EMC VNX2 versions prior to OE for File 8.1.9.211 and VNX1 versions prior to OE for File 7.1.80.8, a local authenticated user may potentially escalate their privileges to root due to authorization checks not being performed on certain perl scripts. This may potentially be exploited by an attacker to run arbitrary commands as root on the targeted VNX Control Station system.
Metrics
Weakness Enumeration
Affected Software
| Vendor | Product | Versions |
|---|---|---|
| Emc | Vnx2 Firmware | All versions |
| Emc | Vnx1 Firmware | All versions |
References
- http://www.securityfocus.com/archive/1/540738/30/0/threadedThird Party Advisory, VDB Entry
- http://www.securityfocus.com/bid/99037Third Party Advisory, VDB Entry
- http://www.securityfocus.com/archive/1/540738/30/0/threadedThird Party Advisory, VDB Entry
- http://www.securityfocus.com/bid/99037Third Party Advisory, VDB Entry
Timeline
- Published
- Last Modified
- Status
- Modified
Frequently Asked Questions
What is CVE-2017-4985?
How severe is CVE-2017-4985?
How do I fix CVE-2017-4985?
Are you affected by CVE-2017-4985?
Run a free Strix scan to check your systems for this vulnerability.
Scan your code nowSource: NVD / NIST