CVE-2017-4984

{"id": "CVE-2017-4984", "metrics": {"cvssMetricV2": [{"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"version": "2.0", "baseScore": 10.0, "accessVector": "NETWORK", "vectorString": "AV:N/AC:L/Au:N/C:C/I:C/A:C", "authentication": "NONE", "integrityImpact": "COMPLETE", "accessComplexity": "LOW", "availabilityImpact": "COMPLETE", "confidentialityImpact": "COMPLETE"}, "acInsufInfo": true, "impactScore": 10.0, "baseSeverity": "HIGH", "obtainAllPrivilege": false, "exploitabilityScore": 10.0, "obtainUserPrivilege": false, "obtainOtherPrivilege": false, "userInteractionRequired": false}], "cvssMetricV30": [{"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"scope": "UNCHANGED", "version": "3.0", "baseScore": 9.8, "attackVector": "NETWORK", "baseSeverity": "CRITICAL", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "integrityImpact": "HIGH", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "HIGH", "privilegesRequired": "NONE", "confidentialityImpact": "HIGH"}, "impactScore": 5.9, "exploitabilityScore": 3.9}]}, "published": "2017-06-19T12:29:00.230", "references": [{"url": "http://www.securityfocus.com/archive/1/540738/30/0/threaded", "tags": ["Third Party Advisory", "VDB Entry"], "source": "security_alert@emc.com"}, {"url": "http://www.securityfocus.com/bid/99039", "tags": ["Third Party Advisory", "VDB Entry"], "source": "security_alert@emc.com"}], "vulnStatus": "Analyzed", "weaknesses": [{"type": "Primary", "source": "nvd@nist.gov", "description": [{"lang": "en", "value": "CWE-77"}]}], "descriptions": [{"lang": "en", "value": "In EMC VNX2 versions prior to OE for File 8.1.9.211 and VNX1 versions prior to OE for File 7.1.80.8, an unauthenticated remote attacker may be able to elevate their permissions to root through a command injection. This may potentially be exploited by an attacker to run arbitrary code with root-level privileges on the targeted VNX Control Station system, aka remote code execution."}, {"lang": "es", "value": "En EMC VNX2 en versiones anteriores a OE for File 8.1.9.211 y VNX1 en versiones anteriores a OE for File 7.1.80.8, un atacante remoto no autenticado podr\u00eda ser capaz de elevar sus privilegios a root mediante una inyecci\u00f3n de comandos. Esto podr\u00eda ser explotado por un atacante para ejecutar c\u00f3digo arbitrario con privilegios de nivel root en el sistema VNX Control Station objetivo. Esto tambi\u00e9n se conoce como ejecuci\u00f3n remota de c\u00f3digo."}], "lastModified": "2017-06-29T17:24:29.123", "configurations": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:o:emc:vnx2_firmware:-:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "F1DC2941-60A4-4232-AB6C-B5C3F5E0A034"}], "operator": "OR"}, {"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:h:emc:vnx2:-:*:*:*:*:*:*:*", "vulnerable": false, "matchCriteriaId": "CA171162-0FF7-43B3-A5D4-9C954E5B37D6"}], "operator": "OR"}], "operator": "AND"}, {"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:o:emc:vnx1_firmware:-:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "A4EE4E75-2B7D-4826-BFD8-84739A554316"}], "operator": "OR"}, {"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:h:emc:vnx1:-:*:*:*:*:*:*:*", "vulnerable": false, "matchCriteriaId": "5C707E8E-AC08-4B58-9AA1-2850A8BC94F8"}], "operator": "OR"}], "operator": "AND"}], "sourceIdentifier": "security_alert@emc.com"}