Lucene search

[email protected]CVE-2016-8216

HistoryFeb 03, 2017 - 7:59 a.m.

CVE-2016-8216

2017-02-0307:59:00

CWE-264

[email protected]

web.nvd.nist.gov

emc

data domain

dd os

5.4

5.5

5.6

5.7

vulnerability

command injection

nvd

7.2 High

CVSS2

Attack Vector

LOCAL

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:L/AC:L/Au:N/C:C/I:C/A:C

6.7 Medium

CVSS3

Attack Vector

LOCAL

Attack Complexity

LOW

Privileges Required

HIGH

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H

6.6 Medium

AI Score

Confidence

High

0.001 Low

EPSS

Percentile

21.0%

JSON

EMC Data Domain OS (DD OS) 5.4 all versions, EMC Data Domain OS (DD OS) 5.5 family all versions prior to 5.5.5.0, EMC Data Domain OS (DD OS) 5.6 family all versions prior to 5.6.2.0, EMC Data Domain OS (DD OS) 5.7 family all versions prior to 5.7.2.10 has a command injection vulnerability that could potentially be exploited by malicious users to compromise the affected system.

Affected configurations

NVD

Node

dellemc_data_domain_osMatch5.4

dellemc_data_domain_osMatch5.5

dellemc_data_domain_osMatch5.6

dellemc_data_domain_osMatch5.7

CPENameOperatorVersion
dell:emc_data_domain_osdell emc data domain oseq5.4
dell:emc_data_domain_osdell emc data domain oseq5.5
dell:emc_data_domain_osdell emc data domain oseq5.6
dell:emc_data_domain_osdell emc data domain oseq5.7

CPE	Name	Operator	Version
dell:emc_data_domain_os	dell emc data domain os	eq	5.4
dell:emc_data_domain_os	dell emc data domain os	eq	5.5
dell:emc_data_domain_os	dell emc data domain os	eq	5.6
dell:emc_data_domain_os	dell emc data domain os	eq	5.7

CNA Affected

[
  {
    "product": "EMC Data Domain DD OS EMC Data Domain OS (DD OS) 5.4 all versions, EMC Data Domain OS (DD OS) 5.5 family all versions prior to 5.5.5.0, EMC Data Domain OS (DD OS) 5.6 family all versions prior to 5.6.2.0, EMC Data Domain OS (DD OS) 5.7 family all versions prior to 5.7.2.10",
    "vendor": "n/a",
    "versions": [
      {
        "status": "affected",
        "version": "EMC Data Domain DD OS EMC Data Domain OS (DD OS) 5.4 all versions, EMC Data Domain OS (DD OS) 5.5 family all versions prior to 5.5.5.0, EMC Data Domain OS (DD OS) 5.6 family all versions prior to 5.6.2.0, EMC Data Domain OS (DD OS) 5.7 family all versions prior to 5.7.2.10"
      }
    ]
  }
]

References

www.securityfocus.com/archive/1/540059/30/0/threaded

www.securityfocus.com/bid/95829

www.securitytracker.com/id/1037728

7.2 High

CVSS2

Attack Vector

LOCAL

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:L/AC:L/Au:N/C:C/I:C/A:C

6.7 Medium

CVSS3

Attack Vector

LOCAL

Attack Complexity

LOW

Privileges Required

HIGH

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H

6.6 Medium

AI Score

Confidence

High

0.001 Low

EPSS

Percentile

21.0%

JSON

Related for CVE-2016-8216

cvelist1 nvd1 openvas1 prion1