Vulnerabilities > EMC > Vnx1 Firmware

DATE CVE VULNERABILITY TITLE RISK
2017-06-19 CVE-2017-4987 Uncontrolled Search Path Element vulnerability in EMC Vnx1 Firmware and Vnx2 Firmware
In EMC VNX2 versions prior to OE for File 8.1.9.211 and VNX1 versions prior to OE for File 7.1.80.8, a local authenticated user can load a maliciously crafted file in the search path which may potentially allow the attacker to execute arbitrary code on the targeted VNX Control Station system, aka an uncontrolled search path vulnerability.
local
emc CWE-427
4.4
4.4
2017-06-19 CVE-2017-4985 Missing Authorization vulnerability in EMC Vnx1 Firmware and Vnx2 Firmware
In EMC VNX2 versions prior to OE for File 8.1.9.211 and VNX1 versions prior to OE for File 7.1.80.8, a local authenticated user may potentially escalate their privileges to root due to authorization checks not being performed on certain perl scripts.
local
low complexity
emc CWE-862
7.2
7.2
2017-06-19 CVE-2017-4984 Command Injection vulnerability in EMC Vnx1 Firmware and Vnx2 Firmware
In EMC VNX2 versions prior to OE for File 8.1.9.211 and VNX1 versions prior to OE for File 7.1.80.8, an unauthenticated remote attacker may be able to elevate their permissions to root through a command injection.
network
low complexity
emc CWE-77
critical
 10.0
10