ID

VAR-201709-1103


CVE

CVE-2017-8007


TITLE

Multiple EMC products vulnerable to path traversal

Trust: 0.8

sources: JVNDB: JVNDB-2017-008470

DESCRIPTION

In EMC ViPR SRM, Storage M&R, VNX M&R, and M&R (Watch4Net) for SAS Solution Packs, the Webservice Gateway is affected by a directory traversal vulnerability. Attackers with knowledge of Webservice Gateway credentials could potentially exploit this vulnerability to access unauthorized information, and modify or delete data, by supplying specially crafted strings in input parameters of the web service call.

This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Dell EMC VNX Monitoring and Reporting. Although authentication is required to exploit this vulnerability, the existing authentication mechanism can be bypassed. The specific flaw exists within Scheduler.class. The issue results from the lack of proper validation of a user-supplied path prior to using it in file operations. An attacker can leverage this vulnerability to execute arbitrary code under the context of SYSTEM.

EMC ViPR SRM and the other affected products are products of EMC, an American company. EMC ViPR SRM is a set of storage resource management software. Storage M&R is a data storage collector. Webservice Gateway is one of the gateways. A remote attacker could use the vulnerability to access information, change or delete data by sending a request with a directory traversal sequence of '../'.

Remote attackers can use specially crafted requests with directory-traversal sequences ('../') to read arbitrary files in the context of the application. This may aid in further attacks.

ESA-2017-081: EMC ViPR SRM, EMC Storage M&R, EMC VNX M&R, EMC M&R (Watch4Net) for SAS Solution Packs Multiple Vulnerabilities

EMC Identifier: ESA-2017-081
CVE Identifier: CVE-2017-8007, CVE-2017-8012
Severity Rating: CVSS Base Score: See below for individual scores.

CVSSv3 Base Score: 8.8 (AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H)

* JMX Denial of Service Vulnerability (CVE-2017-8012)
The Java Management Extensions (JMX) protocol used to communicate between components in the Alerting and/or Compliance components in these products can be leveraged to create a denial of service (DoS) condition.

Please see ESA-2017-089 for more details on how to change the credentials.
* Customers are strongly advised to review product documentation and use firewall controls to limit access to WebService Gateway and all other internal ports only to those servers that require access to them.
  o For vApp installations, please review Knowledge Base article 503844 (https://support.emc.com/kb/503844) for guidance on making firewall changes within the vApp.

Mitigation information for CVE-2017-8012 for all customers:
* Change any default JMX agent credentials. Please see ESA-2017-089 for more details on how to change the credentials.
* Review product documentation and use firewall controls to limit access to the JMX ports and all other internal ports only to those servers that require access to them.
  o For vApp installations, please review Knowledge Base article 503844 (https://support.emc.com/kb/503844) for guidance on making firewall changes within the vApp.
* Future releases will contain further measures to remove or harden communication via the JMX protocol.

EMC VNX M&R customers must migrate to EMC Storage M&R version 4.1 or later to receive future security fixes.

Link to remedies:
* For EMC ViPR SRM and EMC Storage M&R, registered EMC Online Support customers can download patches and software from support.emc.com at: https://support.emc.com/downloads/34247_ViPR-SRM.
* For EMC M&R (Watch4Net) for SAS Solution Packs, registered EMC Online Support customers can download patches and software from support.emc.com at: https://support.emc.com/downloads/6175_Smarts-Service-Assurance-Manager
* For VNX M&R, registered EMC Online Support customers can follow the mitigation steps described above.

Credits: EMC would like to thank rgod working with Trend Micro's Zero Day Initiative for reporting these vulnerabilities.

Trust: 3.15

sources: NVD: CVE-2017-8007 // JVNDB: JVNDB-2017-008470 // ZDI: ZDI-17-827 // CNVD: CNVD-2017-35396 // BID: 100957 // PACKETSTORM: 144273

IOT TAXONOMY

category: ['Network device'], sub_category: -

Trust: 0.6

sources: CNVD: CNVD-2017-35396

AFFECTED PRODUCTS

vendor: dell, model: emc m\&r, scope: eq, version: *

Trust: 1.0

vendor: dell, model: emc vnx monitoring and reporting, scope: eq, version: *

Trust: 1.0

vendor: dell, model: emc vipr srm, scope: lte, version: 4.0.2

Trust: 1.0

vendor: dell, model: emc storage monitoring and reporting, scope: eq, version: *

Trust: 1.0

vendor: dell emc old emc, model: m&r, scope: eq, version: (watch4net) for sas solution packs

Trust: 0.8

vendor: dell emc old emc, model: storage m&r, scope: -, version: -

Trust: 0.8

vendor: dell emc old emc, model: vnx m&r, scope: -, version: -

Trust: 0.8

vendor: dell emc old emc, model: vipr srm, scope: -, version: -

Trust: 0.8

vendor: dell emc, model: vnx monitoring and reporting, scope: -, version: -

Trust: 0.7

vendor: emc, model: vipr srm, scope: -, version: -

Trust: 0.6

vendor: emc, model: m&r for sas solution packs, scope: -, version: -

Trust: 0.6

vendor: emc, model: storage m&r, scope: -, version: -

Trust: 0.6

vendor: emc, model: vnx m&r, scope: -, version: -

Trust: 0.6

vendor: emc, model: storage m\&r, scope: -, version: -

Trust: 0.6

vendor: emc, model: vnx m\&r, scope: -, version: -

Trust: 0.6

vendor: emc, model: vipr srm, scope: eq, version: 4.0.2

Trust: 0.6

vendor: emc, model: m\&r, scope: -, version: -

Trust: 0.6

vendor: emc, model: vipr srm, scope: eq, version: 3.6.3

Trust: 0.3

vendor: emc, model: vipr srm, scope: eq, version: 3.6.4

Trust: 0.3

vendor: emc, model: vipr srm, scope: eq, version: 3.6.1

Trust: 0.3

vendor: emc, model: vipr srm, scope: eq, version: 3.7.2

Trust: 0.3

vendor: emc, model: vipr srm, scope: eq, version: 3.6.0

Trust: 0.3

vendor: emc, model: vipr srm, scope: eq, version: 3.7.1

Trust: 0.3

vendor: emc, model: vipr srm, scope: eq, version: 3.6.2

Trust: 0.3

vendor: emc, model: vipr srm, scope: eq, version: 3.7

Trust: 0.3

vendor: emc, model: vipr srm, scope: ne, version: 4.1

Trust: 0.3

vendor: emc, model: storage m&r, scope: eq, version: 0

Trust: 0.3

vendor: emc, model: m&r for sas solution packs, scope: eq, version: 0

Trust: 0.3

vendor: emc, model: vnx m&r, scope: eq, version: 0

Trust: 0.3

vendor: emc, model: storage m&r, scope: ne, version: 4.1

Trust: 0.3

sources: ZDI: ZDI-17-827 // CNVD: CNVD-2017-35396 // BID: 100957 // JVNDB: JVNDB-2017-008470 // CNNVD: CNNVD-201709-1083 // NVD: CVE-2017-8007

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov: CVE-2017-8007
value: HIGH

Trust: 1.0

NVD: CVE-2017-8007
value: HIGH

Trust: 0.8

ZDI: CVE-2017-8007
value: HIGH

Trust: 0.7

CNVD: CNVD-2017-35396
value: MEDIUM

Trust: 0.6

CNNVD: CNNVD-201709-1083
value: HIGH

Trust: 0.6

nvd@nist.gov: CVE-2017-8007
severity: MEDIUM
baseScore: 6.5
vectorString: AV:N/AC:L/AU:S/C:P/I:P/A:P
accessVector: NETWORK
accessComplexity: LOW
authentication: SINGLE
confidentialityImpact: PARTIAL
integrityImpact: PARTIAL
availabilityImpact: PARTIAL
exploitabilityScore: 8.0
impactScore: 6.4
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 1.8

ZDI: CVE-2017-8007
severity: HIGH
baseScore: 9.0
vectorString: AV:N/AC:L/AU:S/C:C/I:C/A:C
accessVector: NETWORK
accessComplexity: LOW
authentication: SINGLE
confidentialityImpact: COMPLETE
integrityImpact: COMPLETE
availabilityImpact: COMPLETE
exploitabilityScore: 8.0
impactScore: 10.0
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.7

CNVD: CNVD-2017-35396
severity: MEDIUM
baseScore: 6.5
vectorString: AV:N/AC:L/AU:S/C:P/I:P/A:P
accessVector: NETWORK
accessComplexity: LOW
authentication: SINGLE
confidentialityImpact: PARTIAL
integrityImpact: PARTIAL
availabilityImpact: PARTIAL
exploitabilityScore: 8.0
impactScore: 6.4
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.6

nvd@nist.gov: CVE-2017-8007
baseSeverity: HIGH
baseScore: 8.8
vectorString: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
attackVector: NETWORK
attackComplexity: LOW
privilegesRequired: LOW
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: HIGH
integrityImpact: HIGH
availabilityImpact: HIGH
exploitabilityScore: 2.8
impactScore: 5.9
version: 3.1

Trust: 1.0

NVD: CVE-2017-8007
baseSeverity: HIGH
baseScore: 8.8
vectorString: CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
attackVector: NETWORK
attackComplexity: LOW
privilegesRequired: LOW
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: HIGH
integrityImpact: HIGH
availabilityImpact: HIGH
exploitabilityScore: NONE
impactScore: NONE
version: 3.0

Trust: 0.8

sources: ZDI: ZDI-17-827 // CNVD: CNVD-2017-35396 // JVNDB: JVNDB-2017-008470 // CNNVD: CNNVD-201709-1083 // NVD: CVE-2017-8007

PROBLEMTYPE DATA

problemtype:CWE-22

Trust: 1.8

sources: JVNDB: JVNDB-2017-008470 // NVD: CVE-2017-8007

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-201709-1083

TYPE

path traversal

Trust: 0.6

sources: CNNVD: CNNVD-201709-1083

CONFIGURATIONS

sources: JVNDB: JVNDB-2017-008470

PATCH

title: Top Page, url: https://japan.emc.com/about/index.htm

Trust: 0.8

title: Dell EMC has issued an update to correct this vulnerability., url: http://seclists.org/fulldisclosure/2017/Sep/51

Trust: 0.7

title: Patches for a variety of EMC product Webservice Gateway directory traversal vulnerabilities, url: https://www.cnvd.org.cn/patchInfo/show/106849

Trust: 0.6

title: Multiple EMC product Webservice Gateway repair measures for path traversal vulnerabilities, url: http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=75071

Trust: 0.6

sources: ZDI: ZDI-17-827 // CNVD: CNVD-2017-35396 // JVNDB: JVNDB-2017-008470 // CNNVD: CNNVD-201709-1083

EXTERNAL IDS

db: NVD, id: CVE-2017-8007

Trust: 4.1

db: BID, id: 100957

Trust: 2.5

db: SECTRACK, id: 1039417

Trust: 1.6

db: SECTRACK, id: 1039418

Trust: 1.6

db: ZDI, id: ZDI-17-827

Trust: 1.0

db: JVNDB, id: JVNDB-2017-008470

Trust: 0.8

db: ZDI_CAN, id: ZDI-CAN-4754

Trust: 0.7

db: CNVD, id: CNVD-2017-35396

Trust: 0.6

db: CNNVD, id: CNNVD-201709-1083

Trust: 0.6

db: PACKETSTORM, id: 144273

Trust: 0.1

sources: ZDI: ZDI-17-827 // CNVD: CNVD-2017-35396 // BID: 100957 // JVNDB: JVNDB-2017-008470 // PACKETSTORM: 144273 // CNNVD: CNNVD-201709-1083 // NVD: CVE-2017-8007

REFERENCES

url:http://seclists.org/fulldisclosure/2017/sep/51

Trust: 4.0

url:http://www.securityfocus.com/bid/100957

Trust: 2.2

url:http://www.securitytracker.com/id/1039418

Trust: 1.6

url:http://www.securitytracker.com/id/1039417

Trust: 1.6

url:https://nvd.nist.gov/vuln/detail/cve-2017-8007

Trust: 0.9

url:http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2017-8007

Trust: 0.8

url:http://www.emc.com/

Trust: 0.3

url:http://www.zerodayinitiative.com/advisories/zdi-17-827/

Trust: 0.3

url:https://support.emc.com/downloads/6175_smarts-service-assurance-manager

Trust: 0.1

url:https://support.emc.com/kb/503844

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2017-8012

Trust: 0.1

url:https://support.emc.com/downloads/34247_vipr-srm

Trust: 0.1

sources: ZDI: ZDI-17-827 // CNVD: CNVD-2017-35396 // BID: 100957 // JVNDB: JVNDB-2017-008470 // PACKETSTORM: 144273 // CNNVD: CNNVD-201709-1083 // NVD: CVE-2017-8007

CREDITS

rgod working with Trend Micro's Zero Day Initiative

Trust: 0.9

sources: BID: 100957 // CNNVD: CNNVD-201709-1083

SOURCES

db: ZDI, id: ZDI-17-827
db: CNVD, id: CNVD-2017-35396
db: BID, id: 100957
db: JVNDB, id: JVNDB-2017-008470
db: PACKETSTORM, id: 144273
db: CNNVD, id: CNNVD-201709-1083
db: NVD, id: CVE-2017-8007

LAST UPDATE DATE

2025-04-20T23:12:54.644000+00:00


SOURCES UPDATE DATE

db: ZDI, id: ZDI-17-827, date: 2017-09-26T00:00:00
db: CNVD, id: CNVD-2017-35396, date: 2017-11-29T00:00:00
db: BID, id: 100957, date: 2017-10-03T13:01:00
db: JVNDB, id: JVNDB-2017-008470, date: 2017-10-19T00:00:00
db: CNNVD, id: CNNVD-201709-1083, date: 2021-09-01T00:00:00
db: NVD, id: CVE-2017-8007, date: 2025-04-20T01:37:25.860

SOURCES RELEASE DATE

db: ZDI, id: ZDI-17-827, date: 2017-09-26T00:00:00
db: CNVD, id: CNVD-2017-35396, date: 2017-11-29T00:00:00
db: BID, id: 100957, date: 2017-09-20T00:00:00
db: JVNDB, id: JVNDB-2017-008470, date: 2017-10-19T00:00:00
db: PACKETSTORM, id: 144273, date: 2017-09-20T22:33:33
db: CNNVD, id: CNNVD-201709-1083, date: 2017-09-26T00:00:00
db: NVD, id: CVE-2017-8007, date: 2017-09-22T01:29:25.467