CVE-2017-8012 Information

Description

In EMC ViPR SRM Storage M&R VNX M&R and M&R (Watch4Net) for SAS Solution Packs the Java Management Extensions (JMX) protocol used to communicate between components in the Alerting and/or Compliance components can be leveraged to create a denial of service (DoS) condition. Attackers with knowledge of JMX agent user credentials could potentially exploit this vulnerability to create arbitrary files on the affected system and create a DoS condition by leveraging inherent JMX protocol capabilities.

CVSS Vector

CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:H

Reference

http://seclists.org/fulldisclosure/2017/Sep/51 http://www.securityfocus.com/bid/100982 http://www.securitytracker.com/id/1039417 http://www.securitytracker.com/id/1039418

Attack Complexity

HIGH

Privileges Required

NONE

User Interaction Required

NONE

Scope

NONE

Confidentiality Impact

UNCHANGED

Integrity Impact

NONE

Availability Impact

HIGH

Base Score

HIGH

Base Severity

7.4