CVE-2016-9869

MEDIUM

EMC ScaleIO <2.0.1.1 - Privilege Escalation

Title source: llm

Description

An issue was discovered in EMC ScaleIO versions before 2.0.1.1. Incorrect permissions on the SCINI driver may allow a low-privileged local attacker to modify the configuration and render the ScaleIO Data Client (SDC) server unavailable.

References (2)

[Third Party Advisory, VDB Entry] http://www.securityfocus.com/archive/1/539983/30/0/threaded

[Third Party Advisory, VDB Entry] http://www.securityfocus.com/bid/95303

Scores

CVSS v3 5.5

EPSS 0.0004

EPSS Percentile 11.8%

Attack Vector LOCAL

CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H

Classification

CWE

CWE-275

Status published

Affected Products (2)

emc/scaleio < 2.0.1.0

n/a/EMC ScaleIO versions before 2.0.1.1 < EMC ScaleIO versions before 2.0.1.1

Timeline

Published Jan 06, 2017

Tracked Since Feb 18, 2026