CVE-2017-8001
Last modified
CVE-2017-8001 is a high-severity vulnerability rated 8.4/10 on the CVSS scale. An issue was discovered in EMC ScaleIO 2.0.1.x. In a Linux environment, one of the support scripts saves the credentials of the ScaleIO MDM user who executed the script in clear text in temporary log files. EPSS estimates a 0.37% chance of exploitation in the next 30 days.
Description
An issue was discovered in EMC ScaleIO 2.0.1.x. In a Linux environment, one of the support scripts saves the credentials of the ScaleIO MDM user who executed the script in clear text in temporary log files. The temporary files may potentially be read by an unprivileged user with access to the server where the script was executed to recover exposed credentials.
Metrics
CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Weakness Enumeration
Affected Software
| Vendor | Product | Versions |
|---|---|---|
| Dell | Emc Scaleio | 2.0.1.0 |
| Dell | Emc Scaleio | 2.0.1.1 |
| Dell | Emc Scaleio | 2.0.1.2 |
| Dell | Emc Scaleio | 2.0.1.3 |
References
- http://seclists.org/fulldisclosure/2017/Nov/35Mailing List, Third Party Advisory
- http://www.securityfocus.com/bid/101997Third Party Advisory, VDB Entry
- http://seclists.org/fulldisclosure/2017/Nov/35Mailing List, Third Party Advisory
- http://www.securityfocus.com/bid/101997Third Party Advisory, VDB Entry
Timeline
- Published
- Last Modified
- Status
- Modified
Frequently Asked Questions
What is CVE-2017-8001?
How severe is CVE-2017-8001?
How do I fix CVE-2017-8001?
Are you affected by CVE-2017-8001?
Run a free Strix scan to check your systems for this vulnerability.
Scan your code nowSource: NVD / NIST