1337DAY-ID-28065
Jun 30, 2017 - 12:00 a.m.

VASA Provider Virtual Appliance 8.3.x Remote Code Execution Exploit

2017-06-30 00:00:00
rgod
0day.today

EPSS: 0.012 (Low), percentile 85.2%


VASA Provider Virtual Appliance Remote Code Execution Vulnerability

CVE Identifier: CVE-2017-4997
Severity Rating: CVSS v3 Base Score: 8.3 (AV:N/AC:L/PR:N/UI:N/S:C/C:L/I:L/A:L)

Affected products:  
VASA Provider Virtual Appliance versions 8.3.x and prior  

Summary:  
VASA Provider Virtual Appliance contains a fix for an unauthenticated remote code execution vulnerability that could potentially be exploited by malicious users to compromise the affected system. 

Details:  
VASA Provider Virtual Appliance versions prior to 8.3.x may potentially be vulnerable to an unauthenticated remote code execution vulnerability.  An unauthenticated remote attacker could upload a malicious file to run arbitrary code on the system with root privileges.


Resolution:  
The following VASA Provider Virtual Appliance release contains a resolution to this vulnerability:
  VASA Provider Virtual Appliance 8.4.0

EMC recommends all customers upgrade at the earliest opportunity. 

Link to remedies:

Customers can download software from https://support.emc.com/downloads/40557_VASA-Provider

Credits: EMC would like to thank rgod, working with Trend Micro's Zero Day Initiative, for reporting this vulnerability.
