CVE-2017-4987
First published: Mon Jun 19 2017(Updated: )
In EMC VNX2 versions prior to OE for File 8.1.9.211 and VNX1 versions prior to OE for File 7.1.80.8, a local authenticated user can load a maliciously crafted file in the search path which may potentially allow the attacker to execute arbitrary code on the targeted VNX Control Station system, aka an uncontrolled search path vulnerability.
Credit: security_alert@emc.com
| Affected Software | Affected Version | How to fix |
|---|---|---|
| EMC VNX2 Firmware | ||
| Dell EMC VNX2 | ||
| EMC VNX1 OE Firmware | ||
| EMC VNX1 Firmware |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
Frequently Asked Questions
What is the severity of CVE-2017-4987?
CVE-2017-4987 has been classified as a high severity vulnerability due to the potential for arbitrary code execution.
How do I fix CVE-2017-4987?
To fix CVE-2017-4987, update the EMC VNX2 to OE for File version 8.1.9.211 or later, or the VNX1 to version 7.1.80.8 or later.
What systems are affected by CVE-2017-4987?
CVE-2017-4987 affects EMC VNX2 versions prior to OE for File 8.1.9.211 and VNX1 versions prior to OE for File 7.1.80.8.
Can CVE-2017-4987 be exploited remotely?
No, CVE-2017-4987 requires local authenticated access to exploit the vulnerability.
Who is at risk for CVE-2017-4987?
Local authenticated users of vulnerable EMC VNX systems are at risk of exploitation from CVE-2017-4987.
- agent/references
- agent/type
- collector/mitre-cve
- source/MITRE
- agent/last-modified-date
- agent/weakness
- agent/severity
- agent/author
- agent/description
- agent/event
- agent/first-publish-date
- agent/source
- agent/softwarecombine
- agent/tags
- collector/nvd-index
- agent/software-canonical-lookup-request
- vendor/emc
- canonical/emc vnx2 firmware
- canonical/dell emc vnx2
- canonical/emc vnx1 oe firmware
- canonical/emc vnx1 firmware