Vulnerability Details : CVE-2017-8019
An issue was discovered in EMC ScaleIO 2.0.1.x. A vulnerability in message parsers (MDM, SDS, and LIA) could potentially allow an unauthenticated remote attacker to send specifically crafted packets to stop ScaleIO services and cause a denial of service situation.
Vulnerability category: Input validationDenial of service
Products affected by CVE-2017-8019
- cpe:2.3:a:emc:scaleio:2.0.1.0:*:*:*:*:*:*:*
- cpe:2.3:a:emc:scaleio:2.0.1.1:*:*:*:*:*:*:*
- cpe:2.3:a:emc:scaleio:2.0.1.2:*:*:*:*:*:*:*
- cpe:2.3:a:emc:scaleio:2.0.1.3:*:*:*:*:*:*:*
Exploit prediction scoring system (EPSS) score for CVE-2017-8019
0.14%
Probability of exploitation activity in the next 30 days
EPSS Score History
~ 49 %
Percentile, the proportion of vulnerabilities that are scored at or less
CVSS scores for CVE-2017-8019
Base Score | Base Severity | CVSS Vector | Exploitability Score | Impact Score | Score Source | First Seen |
---|---|---|---|---|---|---|
5.0
|
MEDIUM | AV:N/AC:L/Au:N/C:N/I:N/A:P |
10.0
|
2.9
|
NIST | |
7.5
|
HIGH | CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H |
3.9
|
3.6
|
NIST |
CWE ids for CVE-2017-8019
-
The product receives input or data, but it does not validate or incorrectly validates that the input has the properties that are required to process the data safely and correctly.Assigned by: nvd@nist.gov (Primary)
References for CVE-2017-8019
-
http://www.securityfocus.com/bid/101991
EMC ScaleIO CVE-2017-8019 Denial of Service VulnerabilityThird Party Advisory;VDB Entry
-
http://seclists.org/fulldisclosure/2017/Nov/35
Full Disclosure: ESA-2017-094: EMC ScaleIO Multiple VulnerabilitiesMailing List;Third Party Advisory
Jump to