ID

VAR-201710-1306


CVE

CVE-2017-8021


TITLE

EMC Elastic Cloud Storage Vulnerabilities related to certificate and password management

Trust: 0.8

sources: JVNDB: JVNDB-2017-008976

DESCRIPTION

EMC Elastic Cloud Storage (ECS) before 3.1 is affected by an undocumented account vulnerability that could potentially be leveraged by malicious users to compromise the affected system. Remote attackers with knowledge of the default credentials may exploit this vulnerability to gain unauthorized access and perform unauthorized actions. This may aid in further attacks. Versions prior to EMC Elastic Cloud Storage 3.1 are vulnerable. A remote attacker could exploit this vulnerability to take control of an affected system. Details: ECS versions prior to 3.1 contain an undocumented account (emcservice) that is protected with a default password. This user account is intended for use by customer support representatives to troubleshoot ECS configuration issues. Resolution: Information about this account has been added to the ECS 3.1 Security Configuration Guide. EMC recommends all customers to change the default password at the earliest opportunity. Link to Remedy: Customers are requested to contact Customer Support to help change the default password for this account.

Trust: 2.16

sources: NVD: CVE-2017-8021 // JVNDB: JVNDB-2017-008976 // BID: 101018 // VULHUB: VHN-116224 // VULMON: CVE-2017-8021 // PACKETSTORM: 144375

AFFECTED PRODUCTS

vendor: dell, model: elastic cloud storage, scope: lte, version: 3.0

Trust: 1.0

vendor: emc, model: elastic cloud storage, scope: eq, version: 3.0

Trust: 0.9

vendor: dell emc old emc, model: elastic cloud storage, scope: lt, version: 3.1

Trust: 0.8

vendor: emc, model: elastic cloud storage, scope: ne, version: 3.1

Trust: 0.3

sources: BID: 101018 // JVNDB: JVNDB-2017-008976 // CNNVD: CNNVD-201709-1398 // NVD: CVE-2017-8021

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov: CVE-2017-8021
value: CRITICAL

Trust: 1.0

NVD: CVE-2017-8021
value: CRITICAL

Trust: 0.8

CNNVD: CNNVD-201709-1398
value: CRITICAL

Trust: 0.6

VULHUB: VHN-116224
value: HIGH

Trust: 0.1

VULMON: CVE-2017-8021
value: HIGH

Trust: 0.1

nvd@nist.gov: CVE-2017-8021
severity: HIGH
baseScore: 10.0
vectorString: AV:N/AC:L/AU:N/C:C/I:C/A:C
accessVector: NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: COMPLETE
integrityImpact: COMPLETE
availabilityImpact: COMPLETE
exploitabilityScore: 10.0
impactScore: 10.0
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 1.9

VULHUB: VHN-116224
severity: HIGH
baseScore: 10.0
vectorString: AV:N/AC:L/AU:N/C:C/I:C/A:C
accessVector: NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: COMPLETE
integrityImpact: COMPLETE
availabilityImpact: COMPLETE
exploitabilityScore: 10.0
impactScore: 10.0
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.1

nvd@nist.gov: CVE-2017-8021
baseSeverity: CRITICAL
baseScore: 9.8
vectorString: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
attackVector: NETWORK
attackComplexity: LOW
privilegesRequired: NONE
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: HIGH
integrityImpact: HIGH
availabilityImpact: HIGH
exploitabilityScore: 3.9
impactScore: 5.9
version: 3.1

Trust: 1.0

NVD: CVE-2017-8021
baseSeverity: CRITICAL
baseScore: 9.8
vectorString: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
attackVector: NETWORK
attackComplexity: LOW
privilegesRequired: NONE
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: HIGH
integrityImpact: HIGH
availabilityImpact: HIGH
exploitabilityScore: NONE
impactScore: NONE
version: 3.0

Trust: 0.8

sources: VULHUB: VHN-116224 // VULMON: CVE-2017-8021 // JVNDB: JVNDB-2017-008976 // CNNVD: CNNVD-201709-1398 // NVD: CVE-2017-8021

PROBLEMTYPE DATA

problemtype:CWE-1188

Trust: 1.0

problemtype:CWE-255

Trust: 0.9

sources: VULHUB: VHN-116224 // JVNDB: JVNDB-2017-008976 // NVD: CVE-2017-8021

THREAT TYPE

remote

Trust: 0.7

sources: PACKETSTORM: 144375 // CNNVD: CNNVD-201709-1398

TYPE

trust management problem

Trust: 0.6

sources: CNNVD: CNNVD-201709-1398

CONFIGURATIONS

sources: JVNDB: JVNDB-2017-008976

PATCH

title: Elastic Cloud Storage (ECS), url: https://www.emc.com/collateral/white-papers/h14071-ecs-architectural-guide-wp.pdf

Trust: 0.8

title: EMC Elastic Cloud Storage Security vulnerabilities, url: http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=75256

Trust: 0.6

sources: JVNDB: JVNDB-2017-008976 // CNNVD: CNNVD-201709-1398

EXTERNAL IDS

db: NVD, id: CVE-2017-8021

Trust: 3.0

db: BID, id: 101018

Trust: 2.1

db: JVNDB, id: JVNDB-2017-008976

Trust: 0.8

db: CNNVD, id: CNNVD-201709-1398

Trust: 0.7

db: PACKETSTORM, id: 144375

Trust: 0.2

db: VULHUB, id: VHN-116224

Trust: 0.1

db: VULMON, id: CVE-2017-8021

Trust: 0.1

sources: VULHUB: VHN-116224 // VULMON: CVE-2017-8021 // BID: 101018 // JVNDB: JVNDB-2017-008976 // PACKETSTORM: 144375 // CNNVD: CNNVD-201709-1398 // NVD: CVE-2017-8021

REFERENCES

url:http://seclists.org/fulldisclosure/2017/sep/74

Trust: 2.9

url:http://www.securityfocus.com/bid/101018

Trust: 1.9

url:https://nvd.nist.gov/vuln/detail/cve-2017-8021

Trust: 0.9

url:http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2017-8021

Trust: 0.8

url:http://www.emc.com/

Trust: 0.3

url:https://cwe.mitre.org/data/definitions/1188.html

Trust: 0.1

url:https://nvd.nist.gov

Trust: 0.1

sources: VULHUB: VHN-116224 // VULMON: CVE-2017-8021 // BID: 101018 // JVNDB: JVNDB-2017-008976 // PACKETSTORM: 144375 // CNNVD: CNNVD-201709-1398 // NVD: CVE-2017-8021

CREDITS

The vendor reported this issue.

Trust: 0.3

sources: BID: 101018

SOURCES

db: VULHUB, id: VHN-116224
db: VULMON, id: CVE-2017-8021
db: BID, id: 101018
db: JVNDB, id: JVNDB-2017-008976
db: PACKETSTORM, id: 144375
db: CNNVD, id: CNNVD-201709-1398
db: NVD, id: CVE-2017-8021

LAST UPDATE DATE

2025-04-20T23:40:00.254000+00:00


SOURCES UPDATE DATE

db: VULHUB, id: VHN-116224, date: 2020-08-19T00:00:00
db: VULMON, id: CVE-2017-8021, date: 2020-08-19T00:00:00
db: BID, id: 101018, date: 2017-09-26T00:00:00
db: JVNDB, id: JVNDB-2017-008976, date: 2017-10-31T00:00:00
db: CNNVD, id: CNNVD-201709-1398, date: 2019-10-23T00:00:00
db: NVD, id: CVE-2017-8021, date: 2025-04-20T01:37:25.860

SOURCES RELEASE DATE

db: VULHUB, id: VHN-116224, date: 2017-10-03T00:00:00
db: VULMON, id: CVE-2017-8021, date: 2017-10-03T00:00:00
db: BID, id: 101018, date: 2017-09-26T00:00:00
db: JVNDB, id: JVNDB-2017-008976, date: 2017-10-31T00:00:00
db: PACKETSTORM, id: 144375, date: 2017-09-28T00:32:06
db: CNNVD, id: CNNVD-201709-1398, date: 2017-09-26T00:00:00
db: NVD, id: CVE-2017-8021, date: 2017-10-03T01:29:03.247