CVE-2017-2768

CRITICAL

EMC Smarts Network Configuration Manager - Authentication Bypass

Title source: rule

Description

EMC Network Configuration Manager (NCM) 9.3.x, EMC Network Configuration Manager (NCM) 9.4.0.x, EMC Network Configuration Manager (NCM) 9.4.1.x, EMC Network Configuration Manager (NCM) 9.4.2.x contains an Improper Authentication vulnerability that could potentially be exploited by malicious users to compromise the affected system.

References (3)

[Mailing List, Third Party Advisory, VDB Entry] http://www.securityfocus.com/archive/1/540085/30/0/threaded

[Third Party Advisory, VDB Entry] http://www.securityfocus.com/bid/95936

[Third Party Advisory, VDB Entry] http://www.securitytracker.com/id/1037761

Scores

CVSS v3 9.8

EPSS 0.0271

EPSS Percentile 85.7%

Attack Vector NETWORK

CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Classification

CWE

CWE-287

Status draft

Affected Products (4)

emc/smarts_network_configuration_manager

emc/smarts_network_configuration_manager

emc/smarts_network_configuration_manager

emc/smarts_network_configuration_manager

Timeline

Published Feb 03, 2017

Tracked Since Feb 18, 2026