CVE-2017-4987

HIGH

EMC Vnx2 Firmware - Uncontrolled Search Path

Title source: rule

Description

In EMC VNX2 versions prior to OE for File 8.1.9.211 and VNX1 versions prior to OE for File 7.1.80.8, a local authenticated user can load a maliciously crafted file in the search path which may potentially allow the attacker to execute arbitrary code on the targeted VNX Control Station system, aka an uncontrolled search path vulnerability.

References (2)

[Third Party Advisory, VDB Entry] http://www.securityfocus.com/archive/1/540738/30/0/threaded

[Third Party Advisory, VDB Entry] http://www.securityfocus.com/bid/99045

Scores

CVSS v3 7.3

EPSS 0.0008

EPSS Percentile 22.5%

Attack Vector LOCAL

CVSS:3.0/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H

Classification

CWE

CWE-427

Status draft

Affected Products (2)

emc/vnx2_firmware

emc/vnx1_firmware

Timeline

Published Jun 19, 2017

Tracked Since Feb 18, 2026