Vulnerability Details : CVE-2017-4985
In EMC VNX2 versions prior to OE for File 8.1.9.211 and VNX1 versions prior to OE for File 7.1.80.8, a local authenticated user may potentially escalate their privileges to root due to authorization checks not being performed on certain perl scripts. This may potentially be exploited by an attacker to run arbitrary commands as root on the targeted VNX Control Station system.
Exploit prediction scoring system (EPSS) score for CVE-2017-4985
Probability of exploitation activity in the next 30 days: 0.04%
Percentile, the proportion of vulnerabilities that are scored at or less: ~ 6 %
CVSS scores for CVE-2017-4985
Base Score | Base Severity | CVSS Vector | Exploitability Score | Impact Score | Score Source |
---|---|---|---|---|---|
7.2 | HIGH | AV:L/AC:L/Au:N/C:C/I:C/A:C | 3.9 | 10.0 | NIST |
7.8 | HIGH | CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H | 1.8 | 5.9 | NIST |
CWE ids for CVE-2017-4985
- The product does not perform an authorization check when an actor attempts to access a resource or perform an action. Assigned by: nvd@nist.gov (Primary)
References for CVE-2017-4985
- http://www.securityfocus.com/archive/1/540738/30/0/threaded (SecurityFocus; Third Party Advisory; VDB Entry)
- http://www.securityfocus.com/bid/99037 (EMC VNX1/VNX2 OE for File CVE-2017-4985 Local Privilege Escalation Vulnerability; Third Party Advisory; VDB Entry)
Products affected by CVE-2017-4985
- cpe:2.3:o:emc:vnx2_firmware:-:*:*:*:*:*:*:*
- cpe:2.3:o:emc:vnx1_firmware:-:*:*:*:*:*:*:*