Lucene search

DellCVE-2017-8012

HistorySep 22, 2017 - 1:29 a.m.

CVE-2017-8012

2017-09-2201:29:25

dell

web.nvd.nist.gov

emc

vipr

srm

storage m&r

vnx m&r

watch4net

sas

java management extensions

jmx

denial of service

dos

vulnerability

nvd

CVSS2

5.8

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:M/Au:N/C:N/I:P/A:P

CVSS3

7.4

Attack Vector

NETWORK

Attack Complexity

HIGH

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

NONE

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:H

EPSS

0.006

Percentile

78.1%

JSON

In EMC ViPR SRM, Storage M&R, VNX M&R, and M&R (Watch4Net) for SAS Solution Packs, the Java Management Extensions (JMX) protocol used to communicate between components in the Alerting and/or Compliance components can be leveraged to create a denial of service (DoS) condition. Attackers with knowledge of JMX agent user credentials could potentially exploit this vulnerability to create arbitrary files on the affected system and create a DoS condition by leveraging inherent JMX protocol capabilities.

Affected configurations

Nvd

Node

dellemc_m\&r

dellemc_storage_monitoring_and_reporting

dellemc_vipr_srmRange≤4.0.2

dellemc_vnx_monitoring_and_reporting

VendorProductVersionCPE
dellemc_m\&r*cpe:2.3:a:dell:emc_m\&r:*:*:*:*:*:*:*:*
dellemc_storage_monitoring_and_reporting*cpe:2.3:a:dell:emc_storage_monitoring_and_reporting:*:*:*:*:*:*:*:*
dellemc_vipr_srm*cpe:2.3:a:dell:emc_vipr_srm:*:*:*:*:*:*:*:*
dellemc_vnx_monitoring_and_reporting*cpe:2.3:a:dell:emc_vnx_monitoring_and_reporting:*:*:*:*:*:*:*:*

Vendor	Product	Version	CPE
dell	emc_m\&r	*	cpe:2.3:a:dell:emc_m\&r::::::::
dell	emc_storage_monitoring_and_reporting	*	cpe:2.3:a:dell:emc_storage_monitoring_and_reporting::::::::
dell	emc_vipr_srm	*	cpe:2.3:a:dell:emc_vipr_srm::::::::
dell	emc_vnx_monitoring_and_reporting	*	cpe:2.3:a:dell:emc_vnx_monitoring_and_reporting::::::::

CNA Affected

[
  {
    "product": "EMC ViPR SRM, EMC Storage M&R, EMC VNX M&R, EMC M&R (Watch4Net) for SAS Solution Packs",
    "vendor": "n/a",
    "versions": [
      {
        "status": "affected",
        "version": "EMC ViPR SRM, EMC Storage M&R, EMC VNX M&R, EMC M&R (Watch4Net) for SAS Solution Packs"
      }
    ]
  }
]

References

seclists.org/fulldisclosure/2017/Sep/51

www.securityfocus.com/bid/100982

www.securitytracker.com/id/1039417

www.securitytracker.com/id/1039418

CVSS2

5.8

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:M/Au:N/C:N/I:P/A:P

CVSS3

7.4

Attack Vector

NETWORK

Attack Complexity

HIGH

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

NONE

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:H

EPSS

0.006

Percentile

78.1%

JSON

Related for CVE-2017-8012