Vulnerability Details : CVE-2017-14375
EMC Unisphere for VMAX Virtual Appliance (vApp) versions prior to 8.4.0.15, EMC Solutions Enabler Virtual Appliance versions prior to 8.4.0.15, EMC VASA Virtual Appliance versions prior to 8.4.0.512, and EMC VMAX Embedded Management (eManagement) versions prior to and including 1.4 (Enginuity Release 5977.1125.1125 and earlier) contain an authentication bypass vulnerability that may potentially be exploited by malicious users to compromise the affected system.
Products affected by CVE-2017-14375
- cpe:2.3:a:emc:solutions_enabler:*:*:*:*:*:*:*:*
- cpe:2.3:a:emc:vmax_emanagement:*:*:*:*:*:*:*:*
- cpe:2.3:a:emc:vasa:*:*:*:*:*:*:*:*
- cpe:2.3:a:dell:emc_unisphere:*:*:*:*:*:vmax:*:*
Exploit prediction scoring system (EPSS) score for CVE-2017-14375
1.37%
Probability of exploitation activity in the next 30 days
EPSS Score History
~ 84 %
Percentile, the proportion of vulnerabilities that are scored at or less
CVSS scores for CVE-2017-14375
Base Score | Base Severity | CVSS Vector | Exploitability Score | Impact Score | Score Source | First Seen |
---|---|---|---|---|---|---|
10.0
|
HIGH | AV:N/AC:L/Au:N/C:C/I:C/A:C |
10.0
|
10.0
|
NIST | |
9.8
|
CRITICAL | CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H |
3.9
|
5.9
|
NIST |
CWE ids for CVE-2017-14375
-
This attack-focused weakness is caused by incorrectly implemented authentication schemes that are subject to spoofing attacks.Assigned by: nvd@nist.gov (Primary)
References for CVE-2017-14375
-
http://www.securityfocus.com/bid/101673
Multiple EMC Products CVE-2017-14375 Authentication Bypass VulnerabilityThird Party Advisory;VDB Entry
-
http://www.securitytracker.com/id/1039704
EMC Unisphere for VMAX Virtual Appliance Authentication Bypass Lets Remote Users Access the Target System - SecurityTrackerThird Party Advisory;VDB Entry
-
http://seclists.org/fulldisclosure/2017/Oct/70
Full Disclosure: ESA-2017-137: EMC VMAX Virtual Appliance (vApp) Authentication Bypass VulnerabilityMailing List;Third Party Advisory
Jump to