Vulners
Lucene search
VASA Provider Virtual Appliance 8.3.x Remote Code Execution Exploit
| Reporter | Title | Published | Views | Family All 10 |
|---|---|---|---|---|
 | EMC VASA Provider Virtual Appliance Remote Code Execution Vulnerability | 22 Jun 201700:00 | – | cnvd |
 | EMC VMAX3 VASA Provider UploadConfigurator Directory Traversal (CVE-2017-4997) | 14 Sep 201700:00 | – | checkpoint_advisories |
 | CVE-2017-4997 | 29 Jun 201717:00 | – | cve |
 | CVE-2017-4997 | 29 Jun 201717:00 | – | cvelist |
 | EMC VMAX VASA Provider Virtual Appliance < 8.4.0 File Upload RCE | 28 Jul 201700:00 | – | nessus |
| EMC VMAX VASA Provider Virtual Appliance File Upload RCE | 28 Jul 201700:00 | – | nessus |
 | EUVD-2017-14107 | 7 Oct 202500:30 | – | euvd |
 | CVE-2017-4997 | 29 Jun 201717:29 | – | nvd |
 | Remote code execution | 29 Jun 201717:29 | – | prion |
 | EMC VMAX3 VASA Provider UploadConfigurator Unrestricted File Upload Remote Code Execution Vulnerability | 19 Jul 201700:00 | – | zdi |
10
VASA Provider Virtual Appliance Remote Code Execution Vulnerability
CVE Identifier: CVE-2017-4997
Severity Rating: CVSS v3 Base Score: 8.3 (AV:N/AC:L/PR:N/UI:N/S:C/C:L/I:L/A:L)
Affected products:
VASA Provider Virtual Appliance versions 8.3.x and prior
Summary:
VASA Provider Virtual Appliance contains a fix for an unauthenticated remote code execution vulnerability that could potentially be exploited by malicious users to compromise the affected system.
Details:
VASA Provider Virtual Appliance versions prior to 8.3.x may potentially be vulnerable to an unauthenticated remote code execution vulnerability. An unauthenticated remote attacker could upload a malicious file to run arbitrary code on the system with root privileges.
Resolution:
The following VASA Provider Virtual Appliance release contains a resolution to this vulnerability:
VASA Provider Virtual Appliance 8.4.0
EMC recommends all customers upgrade at the earliest opportunity.
Link to remedies:
Customers can download software from https://support.emc.com/downloads/40557_VASA-Provider
Credits: EMC would like to thank rgod, working with Trend Micro's Zero Day Initiative for reporting this vulnerability.
# 0day.today [2018-01-10] #Data
Build on a solid foundation with Vulners data
We provide the essential building blocks for cybersecurity solutions with comprehensive, structured, and constantly updated vulnerability and exploits data
Api
Power your application with Vulners API
The Vulners REST API offers reliable, high-performance access to vulnerability intelligence, with 99.9% SLA uptime and CDN-backed data delivery for seamless global access
App
Assess and manage vulnerabilities with Vulners tools
Built on top of Vulners' database and SDK, end-user solutions give security professionals and developers lightweight and powerful tools for vulnerability remediation
30 Jun 2017 00:00Current
9.9High risk
Vulners AI Score9.9
EPSS0.03913