CVE-2017-4985 - Missing Authorization vulnerability in EMC Vnx1 Firmware and Vnx2 Firmware

CVSS 7.2 - HIGH
Attack vector: LOCAL
Attack complexity: LOW
Privileges required: NONE
Confidentiality impact: COMPLETE
Integrity impact: COMPLETE
Availability impact: COMPLETE
Tags: local, low complexity, emc, CWE-862

Summary

In EMC VNX2 versions prior to OE for File 8.1.9.211 and VNX1 versions prior to OE for File 7.1.80.8, a local authenticated user may potentially escalate their privileges to root due to authorization checks not being performed on certain perl scripts. This may potentially be exploited by an attacker to run arbitrary commands as root on the targeted VNX Control Station system.

Vulnerable Configurations

Part        Description    Count
OS          Emc            2
Hardware    Emc            2

Common Weakness Enumeration (CWE)