7.8 High
CVSS3
Attack Vector
LOCAL
Attack Complexity
LOW
Privileges Required
LOW
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
HIGH
Integrity Impact
HIGH
Availability Impact
HIGH
CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
7.2 High
CVSS2
Access Vector
LOCAL
Access Complexity
LOW
Authentication
NONE
Confidentiality Impact
COMPLETE
Integrity Impact
COMPLETE
Availability Impact
COMPLETE
AV:L/AC:L/Au:N/C:C/I:C/A:C
0.002 Low
EPSS
Percentile
61.9%
Lenovo Security Advisory: LEN-17538
Potential Impact: Arbitrary Code Execution
Severity: High
**Scope of Impact:**Industry-Wide
**CVE Identifier:**CVE-2017-1000364, CVE-2017-1000366
Summary:
Several vulnerabilities have been identified on the Lenovo StorSelect DX8200C MT 5120 running versions of Cloudian HyperStore earlier than v6.2.1.
Lenovo StorSelect is a software-defined storage (SDS) solution that runs on Lenovo x86 servers.
All appliance customers are advised to review this article and take necessary action for their CentOS 6.8. Vulnerabilities have been reported by Redhat in the Linux glibc and kernel packages, and remedies have been provided.
Mitigation Strategy for Customers (what you should do to protect yourself):
For StorSelect DX8200C Licensed End Users: <https://cloudian-support.force.com/lenovo/50110000000EMp4>
For a complete list of all Lenovo Product Security Advisories, click here.
Revision History:
Revision
|
Date
|
Description
β|β|β
1
|
10/26/2017
|
Initial release
For the most up to date information, please remain current with updates and advisories from Lenovo regarding your equipment and software. The information provided in this advisory is provided on as βas isβ basis without any warranty or guarantee of any kind. Lenovo reserves the right to change or update this advisory at any time.
7.8 High
CVSS3
Attack Vector
LOCAL
Attack Complexity
LOW
Privileges Required
LOW
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
HIGH
Integrity Impact
HIGH
Availability Impact
HIGH
CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
7.2 High
CVSS2
Access Vector
LOCAL
Access Complexity
LOW
Authentication
NONE
Confidentiality Impact
COMPLETE
Integrity Impact
COMPLETE
Availability Impact
COMPLETE
AV:L/AC:L/Au:N/C:C/I:C/A:C
0.002 Low
EPSS
Percentile
61.9%