{"api_version":"1","generated_at":"2026-07-09T03:33:42+00:00","cve":"CVE-2016-9867","urls":{"html":"https://cve.report/CVE-2016-9867","api":"https://cve.report/api/cve/CVE-2016-9867.json","docs":"https://cve.report/api","cve_org":"https://www.cve.org/CVERecord?id=CVE-2016-9867","nvd":"https://nvd.nist.gov/vuln/detail/CVE-2016-9867"},"summary":{"title":"CVE-2016-9867","description":"An issue was discovered in EMC ScaleIO versions before 2.0.1.1. A low-privileged local attacker may be able to modify the kernel memory in the SCINI driver and may achieve code execution to escalate privileges to root on ScaleIO Data Client (SDC) servers.","state":"PUBLISHED","assigner":"dell","published_at":"2017-01-06 22:59:00","updated_at":"2026-05-06 22:30:45"},"problem_types":["CWE-264","Privilege escalation vulnerability"],"metrics":[{"version":"3.0","source":"nvd@nist.gov","type":"Primary","score":"8.8","severity":"HIGH","vector":"CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H","data":{"version":"3.0","vectorString":"CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H","baseScore":8.8,"baseSeverity":"HIGH","attackVector":"LOCAL","attackComplexity":"LOW","privilegesRequired":"LOW","userInteraction":"NONE","scope":"CHANGED","confidentialityImpact":"HIGH","integrityImpact":"HIGH","availabilityImpact":"HIGH"}},{"version":"2.0","source":"nvd@nist.gov","type":"Primary","score":"4.6","severity":"","vector":"AV:L/AC:L/Au:N/C:P/I:P/A:P","data":{"version":"2.0","vectorString":"AV:L/AC:L/Au:N/C:P/I:P/A:P","baseScore":4.6,"accessVector":"LOCAL","accessComplexity":"LOW","authentication":"NONE","confidentialityImpact":"PARTIAL","integrityImpact":"PARTIAL","availabilityImpact":"PARTIAL"}}],"references":[{"url":"http://www.securityfocus.com/bid/95300","name":"http://www.securityfocus.com/bid/95300","refsource":"af854a3a-2127-422b-91ae-364da2661108","tags":[],"title":"EMC ScaleIO CVE-2016-9867 Local Privilege Escalation Vulnerability","mime":"text/html","httpstatus":"200","archivestatus":"0"},{"url":"http://www.securityfocus.com/archive/1/539983/30/0/threaded","name":"http://www.securityfocus.com/archive/1/539983/30/0/threaded","refsource":"af854a3a-2127-422b-91ae-364da2661108","tags":["Third Party Advisory","VDB Entry"],"title":"SecurityFocus","mime":"text/html","httpstatus":"200","archivestatus":"200"},{"url":"https://www.cve.org/CVERecord?id=CVE-2016-9867","name":"CVE Program record","refsource":"CVE.ORG","tags":["canonical"]},{"url":"https://nvd.nist.gov/vuln/detail/CVE-2016-9867","name":"NVD vulnerability detail","refsource":"NVD","tags":["canonical","analysis"]}],"affected":[{"source":"CNA","vendor":"n/a","product":"EMC ScaleIO versions before 2.0.1.1","version":"affected EMC ScaleIO versions before 2.0.1.1","platforms":[]}],"timeline":[],"solutions":[],"workarounds":[],"exploits":[],"credits":[],"nvd_cpes":[{"cve_year":"2016","cve_id":"9867","vulnerable":"1","versionEndIncluding":"2.0.1.0","cpe1":"cpe","cpe2":"2.3","cpe3":"a","cpe4":"emc","cpe5":"scaleio","cpe6":"*","cpe7":"*","cpe8":"*","cpe9":"*","cpe10":"*","cpe11":"*","cpe12":"*","cpe13":"*"}],"vendor_comments":[],"enrichments":{"kev":null,"epss":{"cve_year":"2016","cve_id":"9867","cve":"CVE-2016-9867","epss":"0.000830000","percentile":"0.239420000","score_date":"2026-05-11","updated_at":"2026-05-12 00:01:18"},"legacy_qids":[]},"source_records":{"cve_program":{"containers":{"adp":[{"providerMetadata":{"dateUpdated":"2024-08-06T03:07:30.158Z","orgId":"af854a3a-2127-422b-91ae-364da2661108","shortName":"CVE"},"references":[{"name":"95300","tags":["vdb-entry","x_refsource_BID","x_transferred"],"url":"http://www.securityfocus.com/bid/95300"},{"tags":["x_refsource_CONFIRM","x_transferred"],"url":"http://www.securityfocus.com/archive/1/539983/30/0/threaded"}],"title":"CVE Program Container"}],"cna":{"affected":[{"product":"EMC ScaleIO versions before 2.0.1.1","vendor":"n/a","versions":[{"status":"affected","version":"EMC ScaleIO versions before 2.0.1.1"}]}],"datePublic":"2017-01-06T00:00:00.000Z","descriptions":[{"lang":"en","value":"An issue was discovered in EMC ScaleIO versions before 2.0.1.1. A low-privileged local attacker may be able to modify the kernel memory in the SCINI driver and may achieve code execution to escalate privileges to root on ScaleIO Data Client (SDC) servers."}],"problemTypes":[{"descriptions":[{"description":"Privilege escalation vulnerability","lang":"en","type":"text"}]}],"providerMetadata":{"dateUpdated":"2017-01-09T10:57:01.000Z","orgId":"c550e75a-17ff-4988-97f0-544cde3820fe","shortName":"dell"},"references":[{"name":"95300","tags":["vdb-entry","x_refsource_BID"],"url":"http://www.securityfocus.com/bid/95300"},{"tags":["x_refsource_CONFIRM"],"url":"http://www.securityfocus.com/archive/1/539983/30/0/threaded"}],"x_legacyV4Record":{"CVE_data_meta":{"ASSIGNER":"security_alert@emc.com","ID":"CVE-2016-9867","STATE":"PUBLIC"},"affects":{"vendor":{"vendor_data":[{"product":{"product_data":[{"product_name":"EMC ScaleIO versions before 2.0.1.1","version":{"version_data":[{"version_value":"EMC ScaleIO versions before 2.0.1.1"}]}}]},"vendor_name":"n/a"}]}},"data_format":"MITRE","data_type":"CVE","data_version":"4.0","description":{"description_data":[{"lang":"eng","value":"An issue was discovered in EMC ScaleIO versions before 2.0.1.1. A low-privileged local attacker may be able to modify the kernel memory in the SCINI driver and may achieve code execution to escalate privileges to root on ScaleIO Data Client (SDC) servers."}]},"problemtype":{"problemtype_data":[{"description":[{"lang":"eng","value":"Privilege escalation vulnerability"}]}]},"references":{"reference_data":[{"name":"95300","refsource":"BID","url":"http://www.securityfocus.com/bid/95300"},{"name":"http://www.securityfocus.com/archive/1/539983/30/0/threaded","refsource":"CONFIRM","url":"http://www.securityfocus.com/archive/1/539983/30/0/threaded"}]}}}},"cveMetadata":{"assignerOrgId":"c550e75a-17ff-4988-97f0-544cde3820fe","assignerShortName":"dell","cveId":"CVE-2016-9867","datePublished":"2017-01-06T22:00:00.000Z","dateReserved":"2016-12-06T00:00:00.000Z","dateUpdated":"2024-08-06T03:07:30.158Z","state":"PUBLISHED"},"dataType":"CVE_RECORD","dataVersion":"5.1"},"nvd":{"publishedDate":"2017-01-06 22:59:00","lastModifiedDate":"2026-05-06 22:30:45","problem_types":["CWE-264","Privilege escalation vulnerability"],"metrics":{"cvssMetricV30":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"3.0","vectorString":"CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H","baseScore":8.8,"baseSeverity":"HIGH","attackVector":"LOCAL","attackComplexity":"LOW","privilegesRequired":"LOW","userInteraction":"NONE","scope":"CHANGED","confidentialityImpact":"HIGH","integrityImpact":"HIGH","availabilityImpact":"HIGH"},"exploitabilityScore":2,"impactScore":6}],"cvssMetricV2":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"2.0","vectorString":"AV:L/AC:L/Au:N/C:P/I:P/A:P","baseScore":4.6,"accessVector":"LOCAL","accessComplexity":"LOW","authentication":"NONE","confidentialityImpact":"PARTIAL","integrityImpact":"PARTIAL","availabilityImpact":"PARTIAL"},"baseSeverity":"MEDIUM","exploitabilityScore":3.9,"impactScore":6.4,"acInsufInfo":false,"obtainAllPrivilege":false,"obtainUserPrivilege":false,"obtainOtherPrivilege":false,"userInteractionRequired":false}]},"configurations":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:a:emc:scaleio:*:*:*:*:*:*:*:*","versionEndIncluding":"2.0.1.0","matchCriteriaId":"3974D427-763F-4BD0-8BCE-791897079642"}]}]}]},"legacy_mitre":{"record":{"CveYear":"2016","CveId":"9867","Ordinal":"1","Title":"CVE-2016-9867","CVE":"CVE-2016-9867","Year":"2016"},"notes":[{"CveYear":"2016","CveId":"9867","Ordinal":"1","NoteData":"An issue was discovered in EMC ScaleIO versions before 2.0.1.1. A low-privileged local attacker may be able to modify the kernel memory in the SCINI driver and may achieve code execution to escalate privileges to root on ScaleIO Data Client (SDC) servers.","Type":"Description","Title":"CVE-2016-9867"},{"CveYear":"2016","CveId":"9867","Ordinal":"2","NoteData":"2017-01-06","Type":"Other","Title":"Published"},{"CveYear":"2016","CveId":"9867","Ordinal":"3","NoteData":"2017-01-09","Type":"Other","Title":"Modified"}]}}}