CVE-2017-14375
Summary
| CVE | CVE-2017-14375 |
|---|---|
| State | PUBLISHED |
| Assigner | dell |
| Source Priority | CVE Program / NVD first with legacy fallback |
| Published | 2017-11-01 01:29:00 UTC |
| Updated | 2025-04-20 01:37:25 UTC |
| Description | EMC Unisphere for VMAX Virtual Appliance (vApp) versions prior to 8.4.0.15, EMC Solutions Enabler Virtual Appliance versions prior to 8.4.0.15, EMC VASA Virtual Appliance versions prior to 8.4.0.512, and EMC VMAX Embedded Management (eManagement) versions prior to and including 1.4 (Enginuity Release 5977.1125.1125 and earlier) contain an authentication bypass vulnerability that may potentially be exploited by malicious users to compromise the affected system. |
Risk And Classification
Primary CVSS: v3.0 9.8 CRITICAL from [email protected]
CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Problem Types: CWE-290 | Authentication Bypass Vulnerability
| Version | Source | Type | Score | Severity | Vector |
|---|---|---|---|---|---|
| 3.0 | [email protected] | Primary | 9.8 | CRITICAL | CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H |
| 2.0 | [email protected] | Primary | 10 | AV:N/AC:L/Au:N/C:C/I:C/A:C |
CVSS v3.0 Breakdown
Attack Vector
NetworkAttack Complexity
LowPrivileges Required
NoneUser Interaction
NoneScope
UnchangedConfidentiality
HighIntegrity
HighAvailability
HighCVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
CVSS v2.0 Breakdown
Access Vector
NetworkAccess Complexity
LowAuthentication
NoneConfidentiality
CompleteIntegrity
CompleteAvailability
CompleteAV:N/AC:L/Au:N/C:C/I:C/A:C
NVD Known Affected Configurations (CPE 2.3)
| Type | Vendor | Product | Version | Update | Edition | Language |
|---|---|---|---|---|---|---|
| Application | Dell | Emc Unisphere | All | All | All | All |
| Application | Emc | Solutions Enabler | All | All | All | All |
| Application | Emc | Vasa | All | All | All | All |
| Application | Emc | Vmax Emanagement | All | All | All | All |
Vendor Declared Affected Products
| Source | Vendor | Product | Version | Platforms |
|---|---|---|---|---|
| CNA | Na | EMC VMAX Virtual Appliance VApp EMC Unisphere For VMAX Virtual Appliance Versions Prior To 8.4.0.15 EMC Solutions Enabler Virtual Appliance Versions Prior To 8.4.0.15 EMC VASA Virtual Appliance Versions Prior To 8.4.0.512 EMC VMAX Embedded Management EManagement Versions Prior To And Including 1.4 Enginuity Release 5977.1125.1125 And Earlier | affected EMC VMAX Virtual Appliance (vApp) EMC Unisphere for VMAX Virtual Appliance versions prior to 8.4.0.15, EMC Solutions Enabler Virtual Appliance versions prior to 8.4.0.15, EMC VASA Virtual Appliance versions prior to 8.4.0.512, EMC VMAX Embedded Management (eManagement) versions prior to and including 1.4 (Enginuity Release 5977.1125.1125 and earlier) | Not specified |
References
| Reference | Source | Link | Tags |
|---|---|---|---|
| Full Disclosure: ESA-2017-137: EMC VMAX Virtual Appliance (vApp) Authentication Bypass Vulnerability | af854a3a-2127-422b-91ae-364da2661108 | seclists.org | Mailing List, Third Party Advisory |
| Multiple EMC Products CVE-2017-14375 Authentication Bypass Vulnerability | af854a3a-2127-422b-91ae-364da2661108 | www.securityfocus.com | Third Party Advisory, VDB Entry |
| EMC Unisphere for VMAX Virtual Appliance Authentication Bypass Lets Remote Users Access the Target System - SecurityTracker | af854a3a-2127-422b-91ae-364da2661108 | www.securitytracker.com | Third Party Advisory, VDB Entry |
| CVE Program record | CVE.ORG | www.cve.org | canonical |
| NVD vulnerability detail | NVD | nvd.nist.gov | canonical, analysis |
No vendor comments have been submitted for this CVE.
There are currently no legacy QID mappings associated with this CVE.