CVE-2017-4997

CRITICAL

EMC VASA Provider Virtual Appliance <8.3 - RCE

Title source: llm

Description

EMC VASA Provider Virtual Appliance versions 8.3.x and prior has an unauthenticated remote code execution vulnerability that could potentially be exploited by malicious users to compromise the affected system.

References (2)

Core 2

Core References

Third Party Advisory, VDB Entry vdb-entry x_refsource_bid

http://www.securityfocus.com/bid/99169

Third Party Advisory, VDB Entry x_refsource_confirm

http://www.securityfocus.com/archive/1/540783/30/0/threaded

Scores

CVSS v3 9.8

EPSS 0.0391

EPSS Percentile 88.4%

Attack Vector NETWORK

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Details

CWE

CWE-20

Status published

Products (2)

dell/emc_vasa_provider_virtual_appliance < 8.3.0

n/a/VASA Provider Virtual Appliance versions 8.3.x and prior VASA Provider Virtual Appliance versions 8.3.x and prior

Published Jun 29, 2017

Tracked Since Feb 18, 2026