Lucene search

DellCVE-2017-8007

HistorySep 22, 2017 - 1:29 a.m.

CVE-2017-8007

2017-09-2201:29:25

CWE-22

dell

web.nvd.nist.gov

emc

vipr

srm

storage m&r

vnx m&r

directory traversal

vulnerability

nvd

web service

CVSS2

6.5

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

SINGLE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:L/Au:S/C:P/I:P/A:P

CVSS3

8.8

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

AI Score

8.6

Confidence

High

EPSS

0.003

Percentile

68.2%

JSON

In EMC ViPR SRM, Storage M&R, VNX M&R, and M&R (Watch4Net) for SAS Solution Packs, the Webservice Gateway is affected by a directory traversal vulnerability. Attackers with knowledge of Webservice Gateway credentials could potentially exploit this vulnerability to access unauthorized information, and modify or delete data, by supplying specially crafted strings in input parameters of the web service call.

Affected configurations

Nvd

Node

dellemc_m\&r

dellemc_storage_monitoring_and_reporting

dellemc_vipr_srmRange≤4.0.2

dellemc_vnx_monitoring_and_reporting

VendorProductVersionCPE
dellemc_m\&r*cpe:2.3:a:dell:emc_m\&r:*:*:*:*:*:*:*:*
dellemc_storage_monitoring_and_reporting*cpe:2.3:a:dell:emc_storage_monitoring_and_reporting:*:*:*:*:*:*:*:*
dellemc_vipr_srm*cpe:2.3:a:dell:emc_vipr_srm:*:*:*:*:*:*:*:*
dellemc_vnx_monitoring_and_reporting*cpe:2.3:a:dell:emc_vnx_monitoring_and_reporting:*:*:*:*:*:*:*:*

Vendor	Product	Version	CPE
dell	emc_m\&r	*	cpe:2.3:a:dell:emc_m\&r::::::::
dell	emc_storage_monitoring_and_reporting	*	cpe:2.3:a:dell:emc_storage_monitoring_and_reporting::::::::
dell	emc_vipr_srm	*	cpe:2.3:a:dell:emc_vipr_srm::::::::
dell	emc_vnx_monitoring_and_reporting	*	cpe:2.3:a:dell:emc_vnx_monitoring_and_reporting::::::::

CNA Affected

[
  {
    "product": "EMC ViPR SRM, EMC Storage M&R, EMC VNX M&R, EMC M&R (Watch4Net) for SAS Solution Packs",
    "vendor": "n/a",
    "versions": [
      {
        "status": "affected",
        "version": "EMC ViPR SRM, EMC Storage M&R, EMC VNX M&R, EMC M&R (Watch4Net) for SAS Solution Packs"
      }
    ]
  }
]

References

seclists.org/fulldisclosure/2017/Sep/51

www.securityfocus.com/bid/100957

www.securitytracker.com/id/1039417

www.securitytracker.com/id/1039418

CVSS2

6.5

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

SINGLE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:L/Au:S/C:P/I:P/A:P

CVSS3

8.8

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

AI Score

8.6

Confidence

High

EPSS

0.003

Percentile

68.2%

JSON

Related for CVE-2017-8007