Vulnerability-Lookup

CVE-2017-8021 (GCVE-0-2017-8021)

Vulnerability from cvelistv5 – Published: 2017-10-02 05:00 – Updated: 2024-08-05 16:19

Summary

EMC Elastic Cloud Storage (ECS) before 3.1 is affected by an undocumented account vulnerability that could potentially be leveraged by malicious users to compromise the affected system.

Severity

9.8 (Critical)


                        
                          CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

CWE

Undocumented Account Vulnerability

Assigner

dell

References

2 references

URL	Tags
http://seclists.org/fulldisclosure/2017/Sep/74	x_refsource_CONFIRM
http://www.securityfocus.com/bid/101018	vdb-entryx_refsource_BID

Impacted products

1 product

Vendor	Product	Version
n/a	EMC Elastic Cloud Storage all versions prior to 3.1	Affected: EMC Elastic Cloud Storage all versions prior to 3.1

Date Public

2017-10-02 00:00

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-05T16:19:29.587Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "http://seclists.org/fulldisclosure/2017/Sep/74"
          },
          {
            "name": "101018",
            "tags": [
              "vdb-entry",
              "x_refsource_BID",
              "x_transferred"
            ],
            "url": "http://www.securityfocus.com/bid/101018"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "EMC Elastic Cloud Storage all versions prior to 3.1",
          "vendor": "n/a",
          "versions": [
            {
              "status": "affected",
              "version": "EMC Elastic Cloud Storage all versions prior to 3.1"
            }
          ]
        }
      ],
      "datePublic": "2017-10-02T00:00:00.000Z",
      "descriptions": [
        {
          "lang": "en",
          "value": "EMC Elastic Cloud Storage (ECS) before 3.1 is affected by an undocumented account vulnerability that could potentially be leveraged by malicious users to compromise the affected system."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "Undocumented Account Vulnerability",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2017-10-02T09:57:02.000Z",
        "orgId": "c550e75a-17ff-4988-97f0-544cde3820fe",
        "shortName": "dell"
      },
      "references": [
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "http://seclists.org/fulldisclosure/2017/Sep/74"
        },
        {
          "name": "101018",
          "tags": [
            "vdb-entry",
            "x_refsource_BID"
          ],
          "url": "http://www.securityfocus.com/bid/101018"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "security_alert@emc.com",
          "ID": "CVE-2017-8021",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "EMC Elastic Cloud Storage all versions prior to 3.1",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "EMC Elastic Cloud Storage all versions prior to 3.1"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "n/a"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "EMC Elastic Cloud Storage (ECS) before 3.1 is affected by an undocumented account vulnerability that could potentially be leveraged by malicious users to compromise the affected system."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "Undocumented Account Vulnerability"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "http://seclists.org/fulldisclosure/2017/Sep/74",
              "refsource": "CONFIRM",
              "url": "http://seclists.org/fulldisclosure/2017/Sep/74"
            },
            {
              "name": "101018",
              "refsource": "BID",
              "url": "http://www.securityfocus.com/bid/101018"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "c550e75a-17ff-4988-97f0-544cde3820fe",
    "assignerShortName": "dell",
    "cveId": "CVE-2017-8021",
    "datePublished": "2017-10-02T05:00:00.000Z",
    "dateReserved": "2017-04-21T00:00:00.000Z",
    "dateUpdated": "2024-08-05T16:19:29.587Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1",
  "vulnerability-lookup:meta": {
    "epss": {
      "cve": "CVE-2017-8021",
      "date": "2026-06-27",
      "epss": "0.02063",
      "percentile": "0.78973"
    },
    "nvd": "{\"cve\":{\"id\":\"CVE-2017-8021\",\"sourceIdentifier\":\"security_alert@emc.com\",\"published\":\"2017-10-03T01:29:03.247\",\"lastModified\":\"2026-05-13T00:24:29.033\",\"vulnStatus\":\"Modified\",\"cveTags\":[],\"descriptions\":[{\"lang\":\"en\",\"value\":\"EMC Elastic Cloud Storage (ECS) before 3.1 is affected by an undocumented account vulnerability that could potentially be leveraged by malicious users to compromise the affected system.\"},{\"lang\":\"es\",\"value\":\"EMC Elastic Cloud Storage (ECS) en versiones anteriores a la 3.1 se ha visto afectado por una vulnerabilidad de cuenta sin documentar que podr\u00eda ser aprovechada por usuarios maliciosos para comprometer el sistema afectado.\"}],\"metrics\":{\"cvssMetricV31\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"cvssData\":{\"version\":\"3.1\",\"vectorString\":\"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H\",\"baseScore\":9.8,\"baseSeverity\":\"CRITICAL\",\"attackVector\":\"NETWORK\",\"attackComplexity\":\"LOW\",\"privilegesRequired\":\"NONE\",\"userInteraction\":\"NONE\",\"scope\":\"UNCHANGED\",\"confidentialityImpact\":\"HIGH\",\"integrityImpact\":\"HIGH\",\"availabilityImpact\":\"HIGH\"},\"exploitabilityScore\":3.9,\"impactScore\":5.9}],\"cvssMetricV2\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"cvssData\":{\"version\":\"2.0\",\"vectorString\":\"AV:N/AC:L/Au:N/C:C/I:C/A:C\",\"baseScore\":10.0,\"accessVector\":\"NETWORK\",\"accessComplexity\":\"LOW\",\"authentication\":\"NONE\",\"confidentialityImpact\":\"COMPLETE\",\"integrityImpact\":\"COMPLETE\",\"availabilityImpact\":\"COMPLETE\"},\"baseSeverity\":\"HIGH\",\"exploitabilityScore\":10.0,\"impactScore\":10.0,\"acInsufInfo\":false,\"obtainAllPrivilege\":false,\"obtainUserPrivilege\":false,\"obtainOtherPrivilege\":false,\"userInteractionRequired\":false}]},\"weaknesses\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"description\":[{\"lang\":\"en\",\"value\":\"CWE-1188\"}]}],\"configurations\":[{\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:dell:elastic_cloud_storage:*:*:*:*:*:*:*:*\",\"versionEndIncluding\":\"3.0\",\"matchCriteriaId\":\"A7A669C5-CD78-40C7-8D07-33DBBFCB91B2\"}]}]}],\"references\":[{\"url\":\"http://seclists.org/fulldisclosure/2017/Sep/74\",\"source\":\"security_alert@emc.com\",\"tags\":[\"Mailing List\",\"Third Party Advisory\"]},{\"url\":\"http://www.securityfocus.com/bid/101018\",\"source\":\"security_alert@emc.com\",\"tags\":[\"Third Party Advisory\",\"VDB Entry\"]},{\"url\":\"http://seclists.org/fulldisclosure/2017/Sep/74\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Mailing List\",\"Third Party Advisory\"]},{\"url\":\"http://www.securityfocus.com/bid/101018\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Third Party Advisory\",\"VDB Entry\"]}]}}"
  }
}

CNVD-2017-34799

Vulnerability from cnvd - Published: 2017-11-21

Title

EMC Elastic Cloud Storage默认密码漏洞

Description

EMC Elastic Cloud Storage是美国易安信（EMC）公司的一套多用途的全局存储解决方案。 EMC Elastic Cloud Storage 3.1之前的版本中存在安全漏洞。远程攻击者可利用该漏洞控制受影响的系统。

Severity

高

Patch Name

EMC Elastic Cloud Storage默认密码漏洞的补丁

Patch Description

EMC Elastic Cloud Storage是美国易安信（EMC）公司的一套多用途的全局存储解决方案。 EMC Elastic Cloud Storage 3.1之前的版本中存在安全漏洞。远程攻击者可利用该漏洞控制受影响的系统。目前，供应商发布了安全公告及相关补丁信息，修复了此漏洞。

Formal description

目前厂商已发布升级补丁以修复漏洞，详情请关注厂商主页： http://www.emc.com/

Reference

http://seclists.org/fulldisclosure/2017/Sep/75 http://www.securityfocus.com/bid/101018

Impacted products

Name
EMC Elastic Cloud Storage <3.1

Show details on source website

JSON

To clipboard

{
  "bids": {
    "bid": {
      "bidNumber": "101018"
    }
  },
  "cves": {
    "cve": {
      "cveNumber": "CVE-2017-8021"
    }
  },
  "description": "EMC Elastic Cloud Storage\u662f\u7f8e\u56fd\u6613\u5b89\u4fe1\uff08EMC\uff09\u516c\u53f8\u7684\u4e00\u5957\u591a\u7528\u9014\u7684\u5168\u5c40\u5b58\u50a8\u89e3\u51b3\u65b9\u6848\u3002\r\n\r\nEMC Elastic Cloud Storage 3.1\u4e4b\u524d\u7684\u7248\u672c\u4e2d\u5b58\u5728\u5b89\u5168\u6f0f\u6d1e\u3002\u8fdc\u7a0b\u653b\u51fb\u8005\u53ef\u5229\u7528\u8be5\u6f0f\u6d1e\u63a7\u5236\u53d7\u5f71\u54cd\u7684\u7cfb\u7edf\u3002",
  "discovererName": "EMC",
  "formalWay": "\u76ee\u524d\u5382\u5546\u5df2\u53d1\u5e03\u5347\u7ea7\u8865\u4e01\u4ee5\u4fee\u590d\u6f0f\u6d1e\uff0c\u8be6\u60c5\u8bf7\u5173\u6ce8\u5382\u5546\u4e3b\u9875\uff1a\r\nhttp://www.emc.com/",
  "isEvent": "\u901a\u7528\u8f6f\u786c\u4ef6\u6f0f\u6d1e",
  "number": "CNVD-2017-34799",
  "openTime": "2017-11-21",
  "patchDescription": "EMC Elastic Cloud Storage\u662f\u7f8e\u56fd\u6613\u5b89\u4fe1\uff08EMC\uff09\u516c\u53f8\u7684\u4e00\u5957\u591a\u7528\u9014\u7684\u5168\u5c40\u5b58\u50a8\u89e3\u51b3\u65b9\u6848\u3002\r\n\r\nEMC Elastic Cloud Storage 3.1\u4e4b\u524d\u7684\u7248\u672c\u4e2d\u5b58\u5728\u5b89\u5168\u6f0f\u6d1e\u3002\u8fdc\u7a0b\u653b\u51fb\u8005\u53ef\u5229\u7528\u8be5\u6f0f\u6d1e\u63a7\u5236\u53d7\u5f71\u54cd\u7684\u7cfb\u7edf\u3002\u76ee\u524d\uff0c\u4f9b\u5e94\u5546\u53d1\u5e03\u4e86\u5b89\u5168\u516c\u544a\u53ca\u76f8\u5173\u8865\u4e01\u4fe1\u606f\uff0c\u4fee\u590d\u4e86\u6b64\u6f0f\u6d1e\u3002",
  "patchName": "EMC Elastic Cloud Storage\u9ed8\u8ba4\u5bc6\u7801\u6f0f\u6d1e\u7684\u8865\u4e01",
  "products": {
    "product": "EMC Elastic Cloud Storage \u003c3.1"
  },
  "referenceLink": "http://seclists.org/fulldisclosure/2017/Sep/75\r\nhttp://www.securityfocus.com/bid/101018",
  "serverity": "\u9ad8",
  "submitTime": "2017-09-28",
  "title": "EMC Elastic Cloud Storage\u9ed8\u8ba4\u5bc6\u7801\u6f0f\u6d1e"
}

FKIE_CVE-2017-8021

Vulnerability from fkie_nvd - Published: 2017-10-03 01:29 - Updated: 2026-06-17 01:25

Severity

9.8 (Critical) - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Summary

EMC Elastic Cloud Storage (ECS) before 3.1 is affected by an undocumented account vulnerability that could potentially be leveraged by malicious users to compromise the affected system.

References

URL	Tags
security_alert@emc.com	http://seclists.org/fulldisclosure/2017/Sep/74	Mailing List, Third Party Advisory
security_alert@emc.com	http://www.securityfocus.com/bid/101018	Third Party Advisory, VDB Entry
af854a3a-2127-422b-91ae-364da2661108	http://seclists.org/fulldisclosure/2017/Sep/74	Mailing List, Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108	http://www.securityfocus.com/bid/101018	Third Party Advisory, VDB Entry

Impacted products

	Vendor	Product	Version
	dell	elastic_cloud_storage	*

JSON

To clipboard

{
  "affected": [
    {
      "affectedData": [
        {
          "product": "EMC Elastic Cloud Storage all versions prior to 3.1",
          "vendor": "n/a",
          "versions": [
            {
              "status": "affected",
              "version": "EMC Elastic Cloud Storage all versions prior to 3.1"
            }
          ]
        }
      ],
      "source": "security_alert@emc.com"
    }
  ],
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:dell:elastic_cloud_storage:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "A7A669C5-CD78-40C7-8D07-33DBBFCB91B2",
              "versionEndIncluding": "3.0",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "EMC Elastic Cloud Storage (ECS) before 3.1 is affected by an undocumented account vulnerability that could potentially be leveraged by malicious users to compromise the affected system."
    },
    {
      "lang": "es",
      "value": "EMC Elastic Cloud Storage (ECS) en versiones anteriores a la 3.1 se ha visto afectado por una vulnerabilidad de cuenta sin documentar que podr\u00eda ser aprovechada por usuarios maliciosos para comprometer el sistema afectado."
    }
  ],
  "id": "CVE-2017-8021",
  "lastModified": "2026-06-17T01:25:39.167",
  "metrics": {
    "cvssMetricV2": [
      {
        "acInsufInfo": false,
        "baseSeverity": "HIGH",
        "cvssData": {
          "accessComplexity": "LOW",
          "accessVector": "NETWORK",
          "authentication": "NONE",
          "availabilityImpact": "COMPLETE",
          "baseScore": 10.0,
          "confidentialityImpact": "COMPLETE",
          "integrityImpact": "COMPLETE",
          "vectorString": "AV:N/AC:L/Au:N/C:C/I:C/A:C",
          "version": "2.0"
        },
        "exploitabilityScore": 10.0,
        "impactScore": 10.0,
        "obtainAllPrivilege": false,
        "obtainOtherPrivilege": false,
        "obtainUserPrivilege": false,
        "source": "nvd@nist.gov",
        "type": "Primary",
        "userInteractionRequired": false
      }
    ],
    "cvssMetricV31": [
      {
        "cvssData": {
          "attackComplexity": "LOW",
          "attackVector": "NETWORK",
          "availabilityImpact": "HIGH",
          "baseScore": 9.8,
          "baseSeverity": "CRITICAL",
          "confidentialityImpact": "HIGH",
          "integrityImpact": "HIGH",
          "privilegesRequired": "NONE",
          "scope": "UNCHANGED",
          "userInteraction": "NONE",
          "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
          "version": "3.1"
        },
        "exploitabilityScore": 3.9,
        "impactScore": 5.9,
        "source": "nvd@nist.gov",
        "type": "Primary"
      }
    ]
  },
  "published": "2017-10-03T01:29:03.247",
  "references": [
    {
      "source": "security_alert@emc.com",
      "tags": [
        "Mailing List",
        "Third Party Advisory"
      ],
      "url": "http://seclists.org/fulldisclosure/2017/Sep/74"
    },
    {
      "source": "security_alert@emc.com",
      "tags": [
        "Third Party Advisory",
        "VDB Entry"
      ],
      "url": "http://www.securityfocus.com/bid/101018"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Mailing List",
        "Third Party Advisory"
      ],
      "url": "http://seclists.org/fulldisclosure/2017/Sep/74"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Third Party Advisory",
        "VDB Entry"
      ],
      "url": "http://www.securityfocus.com/bid/101018"
    }
  ],
  "sourceIdentifier": "security_alert@emc.com",
  "vulnStatus": "Modified",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-1188"
        }
      ],
      "source": "nvd@nist.gov",
      "type": "Primary"
    }
  ]
}

GHSA-RPGJ-F22Q-PHGR

Vulnerability from github – Published: 2022-05-13 01:23 – Updated: 2022-05-13 01:23

Details

EMC Elastic Cloud Storage (ECS) before 3.1 is affected by an undocumented account vulnerability that could potentially be leveraged by malicious users to compromise the affected system.

Severity

9.8 (Critical)


                  
                    CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Show details on source website

JSON

To clipboard

{
  "affected": [],
  "aliases": [
    "CVE-2017-8021"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-1188"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2017-10-03T01:29:00Z",
    "severity": "CRITICAL"
  },
  "details": "EMC Elastic Cloud Storage (ECS) before 3.1 is affected by an undocumented account vulnerability that could potentially be leveraged by malicious users to compromise the affected system.",
  "id": "GHSA-rpgj-f22q-phgr",
  "modified": "2022-05-13T01:23:14Z",
  "published": "2022-05-13T01:23:14Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2017-8021"
    },
    {
      "type": "WEB",
      "url": "http://seclists.org/fulldisclosure/2017/Sep/74"
    },
    {
      "type": "WEB",
      "url": "http://www.securityfocus.com/bid/101018"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
      "type": "CVSS_V3"
    }
  ]
}

GSD-2017-8021

Vulnerability from gsd - Updated: 2023-12-13 01:21

Details

EMC Elastic Cloud Storage (ECS) before 3.1 is affected by an undocumented account vulnerability that could potentially be leveraged by malicious users to compromise the affected system.

Aliases

CVE-2017-8021

Aliases

CVE-2017-8021

JSON

To clipboard

{
  "GSD": {
    "alias": "CVE-2017-8021",
    "description": "EMC Elastic Cloud Storage (ECS) before 3.1 is affected by an undocumented account vulnerability that could potentially be leveraged by malicious users to compromise the affected system.",
    "id": "GSD-2017-8021"
  },
  "gsd": {
    "metadata": {
      "exploitCode": "unknown",
      "remediation": "unknown",
      "reportConfidence": "confirmed",
      "type": "vulnerability"
    },
    "osvSchema": {
      "aliases": [
        "CVE-2017-8021"
      ],
      "details": "EMC Elastic Cloud Storage (ECS) before 3.1 is affected by an undocumented account vulnerability that could potentially be leveraged by malicious users to compromise the affected system.",
      "id": "GSD-2017-8021",
      "modified": "2023-12-13T01:21:08.540251Z",
      "schema_version": "1.4.0"
    }
  },
  "namespaces": {
    "cve.org": {
      "CVE_data_meta": {
        "ASSIGNER": "security_alert@emc.com",
        "ID": "CVE-2017-8021",
        "STATE": "PUBLIC"
      },
      "affects": {
        "vendor": {
          "vendor_data": [
            {
              "product": {
                "product_data": [
                  {
                    "product_name": "EMC Elastic Cloud Storage all versions prior to 3.1",
                    "version": {
                      "version_data": [
                        {
                          "version_value": "EMC Elastic Cloud Storage all versions prior to 3.1"
                        }
                      ]
                    }
                  }
                ]
              },
              "vendor_name": "n/a"
            }
          ]
        }
      },
      "data_format": "MITRE",
      "data_type": "CVE",
      "data_version": "4.0",
      "description": {
        "description_data": [
          {
            "lang": "eng",
            "value": "EMC Elastic Cloud Storage (ECS) before 3.1 is affected by an undocumented account vulnerability that could potentially be leveraged by malicious users to compromise the affected system."
          }
        ]
      },
      "problemtype": {
        "problemtype_data": [
          {
            "description": [
              {
                "lang": "eng",
                "value": "Undocumented Account Vulnerability"
              }
            ]
          }
        ]
      },
      "references": {
        "reference_data": [
          {
            "name": "http://seclists.org/fulldisclosure/2017/Sep/74",
            "refsource": "CONFIRM",
            "url": "http://seclists.org/fulldisclosure/2017/Sep/74"
          },
          {
            "name": "101018",
            "refsource": "BID",
            "url": "http://www.securityfocus.com/bid/101018"
          }
        ]
      }
    },
    "nvd.nist.gov": {
      "configurations": {
        "CVE_data_version": "4.0",
        "nodes": [
          {
            "children": [],
            "cpe_match": [
              {
                "cpe23Uri": "cpe:2.3:a:dell:elastic_cloud_storage:*:*:*:*:*:*:*:*",
                "cpe_name": [],
                "versionEndIncluding": "3.0",
                "vulnerable": true
              }
            ],
            "operator": "OR"
          }
        ]
      },
      "cve": {
        "CVE_data_meta": {
          "ASSIGNER": "secure@dell.com",
          "ID": "CVE-2017-8021"
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "en",
              "value": "EMC Elastic Cloud Storage (ECS) before 3.1 is affected by an undocumented account vulnerability that could potentially be leveraged by malicious users to compromise the affected system."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "en",
                  "value": "CWE-1188"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "101018",
              "refsource": "BID",
              "tags": [
                "Third Party Advisory",
                "VDB Entry"
              ],
              "url": "http://www.securityfocus.com/bid/101018"
            },
            {
              "name": "http://seclists.org/fulldisclosure/2017/Sep/74",
              "refsource": "CONFIRM",
              "tags": [
                "Mailing List",
                "Third Party Advisory"
              ],
              "url": "http://seclists.org/fulldisclosure/2017/Sep/74"
            }
          ]
        }
      },
      "impact": {
        "baseMetricV2": {
          "cvssV2": {
            "accessComplexity": "LOW",
            "accessVector": "NETWORK",
            "authentication": "NONE",
            "availabilityImpact": "COMPLETE",
            "baseScore": 10.0,
            "confidentialityImpact": "COMPLETE",
            "integrityImpact": "COMPLETE",
            "vectorString": "AV:N/AC:L/Au:N/C:C/I:C/A:C",
            "version": "2.0"
          },
          "exploitabilityScore": 10.0,
          "impactScore": 10.0,
          "obtainAllPrivilege": false,
          "obtainOtherPrivilege": false,
          "obtainUserPrivilege": false,
          "severity": "HIGH",
          "userInteractionRequired": false
        },
        "baseMetricV3": {
          "cvssV3": {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "availabilityImpact": "HIGH",
            "baseScore": 9.8,
            "baseSeverity": "CRITICAL",
            "confidentialityImpact": "HIGH",
            "integrityImpact": "HIGH",
            "privilegesRequired": "NONE",
            "scope": "UNCHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
            "version": "3.1"
          },
          "exploitabilityScore": 3.9,
          "impactScore": 5.9
        }
      },
      "lastModifiedDate": "2020-08-19T19:12Z",
      "publishedDate": "2017-10-03T01:29Z"
    }
  }
}

VAR-201710-1306

Vulnerability from variot - Updated: 2025-04-20 23:40

EMC Elastic Cloud Storage (ECS) before 3.1 is affected by an undocumented account vulnerability that could potentially be leveraged by malicious users to compromise the affected system. Remote attackers with knowledge of the default credentials may exploit this vulnerability to gain unauthorized access and perform unauthorized actions. This may aid in further attacks. Versions prior to EMC Elastic Cloud Storage 3.1 are vulnerable. A remote attacker could exploit this vulnerability to take control of an affected system.

Details:
ECS versions prior to 3.1 contain an undocumented account (emcservice) that is protected with a default password. This user account is intended for use by customer support representatives to troubleshoot ECS configuration issues.

Resolution:
Information about this account has been added to the ECS 3.1 Security Configuration Guide. EMC recommends all customers to change the default password at the earliest opportunity.

Link to Remedy: Customers are requested to contact Customer Support to help change the default password for this account.

-----BEGIN PGP SIGNATURE----- Version: GnuPG v2

iQEcBAEBCAAGBQJZypJ7AAoJEHbcu+fsE81Zox4H/R/y4X7VOWaM7dH/tZHcwdvr kPZ+2OF/qGqArBpOQxO3l8tZp986Ru2BOz+VSZeh/4ZUl91o2SyNv5WdB3tT6bIl VhWm9NtrCU60m5m2LAGvDnaycqjC+oDQOYJ0uD6bgYu5VGNPySaQ1Nd7yGucQ+nR /8yxLWomiUmXJkW/7xeEBZ9sNugL9RdKBq30B4K9FPKtYQ8wcf7PF5rv8JHVqGax bkbtJOjnYHeC+LUFtcJ9CPpC8MUQ2ua70LBSDeunPsOZdwjDLm8KhYZ75v0hCEi3 veye1eNG2/NRLFf25hMmNh7rh/nT2p4jsSAU6qYu11lQKPH36Iq6N9DXCSC/l44= =8t9r -----END PGP SIGNATURE-----

Show details on source website

JSON

To clipboard

{
  "@context": {
    "@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
    "affected_products": {
      "@id": "https://www.variotdbs.pl/ref/affected_products"
    },
    "configurations": {
      "@id": "https://www.variotdbs.pl/ref/configurations"
    },
    "credits": {
      "@id": "https://www.variotdbs.pl/ref/credits"
    },
    "cvss": {
      "@id": "https://www.variotdbs.pl/ref/cvss/"
    },
    "description": {
      "@id": "https://www.variotdbs.pl/ref/description/"
    },
    "exploit_availability": {
      "@id": "https://www.variotdbs.pl/ref/exploit_availability/"
    },
    "external_ids": {
      "@id": "https://www.variotdbs.pl/ref/external_ids/"
    },
    "iot": {
      "@id": "https://www.variotdbs.pl/ref/iot/"
    },
    "iot_taxonomy": {
      "@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
    },
    "patch": {
      "@id": "https://www.variotdbs.pl/ref/patch/"
    },
    "problemtype_data": {
      "@id": "https://www.variotdbs.pl/ref/problemtype_data/"
    },
    "references": {
      "@id": "https://www.variotdbs.pl/ref/references/"
    },
    "sources": {
      "@id": "https://www.variotdbs.pl/ref/sources/"
    },
    "sources_release_date": {
      "@id": "https://www.variotdbs.pl/ref/sources_release_date/"
    },
    "sources_update_date": {
      "@id": "https://www.variotdbs.pl/ref/sources_update_date/"
    },
    "threat_type": {
      "@id": "https://www.variotdbs.pl/ref/threat_type/"
    },
    "title": {
      "@id": "https://www.variotdbs.pl/ref/title/"
    },
    "type": {
      "@id": "https://www.variotdbs.pl/ref/type/"
    }
  },
  "@id": "https://www.variotdbs.pl/vuln/VAR-201710-1306",
  "affected_products": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/affected_products#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        },
        "@id": "https://www.variotdbs.pl/ref/sources"
      }
    },
    "data": [
      {
        "model": "elastic cloud storage",
        "scope": "lte",
        "trust": 1.0,
        "vendor": "dell",
        "version": "3.0"
      },
      {
        "model": "elastic cloud storage",
        "scope": "eq",
        "trust": 0.9,
        "vendor": "emc",
        "version": "3.0"
      },
      {
        "model": "elastic cloud storage",
        "scope": "lt",
        "trust": 0.8,
        "vendor": "dell emc old emc",
        "version": "3.1"
      },
      {
        "model": "elastic cloud storage",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "emc",
        "version": "3.1"
      }
    ],
    "sources": [
      {
        "db": "BID",
        "id": "101018"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2017-008976"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201709-1398"
      },
      {
        "db": "NVD",
        "id": "CVE-2017-8021"
      }
    ]
  },
  "configurations": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/configurations#",
      "children": {
        "@container": "@list"
      },
      "cpe_match": {
        "@container": "@list"
      },
      "data": {
        "@container": "@list"
      },
      "nodes": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "CVE_data_version": "4.0",
        "nodes": [
          {
            "cpe_match": [
              {
                "cpe22Uri": "cpe:/a:emc:elastic_cloud_storage",
                "vulnerable": true
              }
            ],
            "operator": "OR"
          }
        ]
      }
    ],
    "sources": [
      {
        "db": "JVNDB",
        "id": "JVNDB-2017-008976"
      }
    ]
  },
  "credits": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/credits#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "The vendor reported this issue.",
    "sources": [
      {
        "db": "BID",
        "id": "101018"
      }
    ],
    "trust": 0.3
  },
  "cve": "CVE-2017-8021",
  "cvss": {
    "@context": {
      "cvssV2": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
        },
        "@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
      },
      "cvssV3": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
        },
        "@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
      },
      "severity": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/cvss/severity#"
        },
        "@id": "https://www.variotdbs.pl/ref/cvss/severity"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        },
        "@id": "https://www.variotdbs.pl/ref/sources"
      }
    },
    "data": [
      {
        "cvssV2": [
          {
            "accessComplexity": "LOW",
            "accessVector": "NETWORK",
            "authentication": "NONE",
            "author": "nvd@nist.gov",
            "availabilityImpact": "COMPLETE",
            "baseScore": 10.0,
            "confidentialityImpact": "COMPLETE",
            "exploitabilityScore": 10.0,
            "id": "CVE-2017-8021",
            "impactScore": 10.0,
            "integrityImpact": "COMPLETE",
            "severity": "HIGH",
            "trust": 1.9,
            "vectorString": "AV:N/AC:L/Au:N/C:C/I:C/A:C",
            "version": "2.0"
          },
          {
            "accessComplexity": "LOW",
            "accessVector": "NETWORK",
            "authentication": "NONE",
            "author": "VULHUB",
            "availabilityImpact": "COMPLETE",
            "baseScore": 10.0,
            "confidentialityImpact": "COMPLETE",
            "exploitabilityScore": 10.0,
            "id": "VHN-116224",
            "impactScore": 10.0,
            "integrityImpact": "COMPLETE",
            "severity": "HIGH",
            "trust": 0.1,
            "vectorString": "AV:N/AC:L/AU:N/C:C/I:C/A:C",
            "version": "2.0"
          }
        ],
        "cvssV3": [
          {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "author": "nvd@nist.gov",
            "availabilityImpact": "HIGH",
            "baseScore": 9.8,
            "baseSeverity": "CRITICAL",
            "confidentialityImpact": "HIGH",
            "exploitabilityScore": 3.9,
            "id": "CVE-2017-8021",
            "impactScore": 5.9,
            "integrityImpact": "HIGH",
            "privilegesRequired": "NONE",
            "scope": "UNCHANGED",
            "trust": 1.0,
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
            "version": "3.1"
          },
          {
            "attackComplexity": "Low",
            "attackVector": "Network",
            "author": "NVD",
            "availabilityImpact": "High",
            "baseScore": 9.8,
            "baseSeverity": "Critical",
            "confidentialityImpact": "High",
            "exploitabilityScore": null,
            "id": "CVE-2017-8021",
            "impactScore": null,
            "integrityImpact": "High",
            "privilegesRequired": "None",
            "scope": "Unchanged",
            "trust": 0.8,
            "userInteraction": "None",
            "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
            "version": "3.0"
          }
        ],
        "severity": [
          {
            "author": "nvd@nist.gov",
            "id": "CVE-2017-8021",
            "trust": 1.0,
            "value": "CRITICAL"
          },
          {
            "author": "NVD",
            "id": "CVE-2017-8021",
            "trust": 0.8,
            "value": "Critical"
          },
          {
            "author": "CNNVD",
            "id": "CNNVD-201709-1398",
            "trust": 0.6,
            "value": "CRITICAL"
          },
          {
            "author": "VULHUB",
            "id": "VHN-116224",
            "trust": 0.1,
            "value": "HIGH"
          },
          {
            "author": "VULMON",
            "id": "CVE-2017-8021",
            "trust": 0.1,
            "value": "HIGH"
          }
        ]
      }
    ],
    "sources": [
      {
        "db": "VULHUB",
        "id": "VHN-116224"
      },
      {
        "db": "VULMON",
        "id": "CVE-2017-8021"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2017-008976"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201709-1398"
      },
      {
        "db": "NVD",
        "id": "CVE-2017-8021"
      }
    ]
  },
  "description": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/description#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "EMC Elastic Cloud Storage (ECS) before 3.1 is affected by an undocumented account vulnerability that could potentially be leveraged by malicious users to compromise the affected system. \nRemote attackers with knowledge of the default credentials may exploit  this vulnerability to gain unauthorized access and perform unauthorized  actions. This may aid in further attacks. \nVersions prior to EMC Elastic Cloud Storage 3.1 are vulnerable. A remote attacker could exploit this vulnerability to take control of an affected system. \n\nDetails:  \nECS versions prior to 3.1 contain an undocumented account (emcservice) that is protected with a default password. This user account is intended for use by customer support representatives to troubleshoot ECS configuration issues. \n\nResolution:  \nInformation about this account has been added to the ECS 3.1 Security Configuration Guide. EMC recommends all customers to change the default password at the earliest opportunity. \n\nLink to Remedy:\nCustomers are requested to contact Customer Support to help change the default password for this account. \n\n-----BEGIN PGP SIGNATURE-----\nVersion: GnuPG v2\n\niQEcBAEBCAAGBQJZypJ7AAoJEHbcu+fsE81Zox4H/R/y4X7VOWaM7dH/tZHcwdvr\nkPZ+2OF/qGqArBpOQxO3l8tZp986Ru2BOz+VSZeh/4ZUl91o2SyNv5WdB3tT6bIl\nVhWm9NtrCU60m5m2LAGvDnaycqjC+oDQOYJ0uD6bgYu5VGNPySaQ1Nd7yGucQ+nR\n/8yxLWomiUmXJkW/7xeEBZ9sNugL9RdKBq30B4K9FPKtYQ8wcf7PF5rv8JHVqGax\nbkbtJOjnYHeC+LUFtcJ9CPpC8MUQ2ua70LBSDeunPsOZdwjDLm8KhYZ75v0hCEi3\nveye1eNG2/NRLFf25hMmNh7rh/nT2p4jsSAU6qYu11lQKPH36Iq6N9DXCSC/l44=\n=8t9r\n-----END PGP SIGNATURE-----\n\n\n",
    "sources": [
      {
        "db": "NVD",
        "id": "CVE-2017-8021"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2017-008976"
      },
      {
        "db": "BID",
        "id": "101018"
      },
      {
        "db": "VULHUB",
        "id": "VHN-116224"
      },
      {
        "db": "VULMON",
        "id": "CVE-2017-8021"
      },
      {
        "db": "PACKETSTORM",
        "id": "144375"
      }
    ],
    "trust": 2.16
  },
  "external_ids": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/external_ids#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "db": "NVD",
        "id": "CVE-2017-8021",
        "trust": 3.0
      },
      {
        "db": "BID",
        "id": "101018",
        "trust": 2.1
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2017-008976",
        "trust": 0.8
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201709-1398",
        "trust": 0.7
      },
      {
        "db": "PACKETSTORM",
        "id": "144375",
        "trust": 0.2
      },
      {
        "db": "VULHUB",
        "id": "VHN-116224",
        "trust": 0.1
      },
      {
        "db": "VULMON",
        "id": "CVE-2017-8021",
        "trust": 0.1
      }
    ],
    "sources": [
      {
        "db": "VULHUB",
        "id": "VHN-116224"
      },
      {
        "db": "VULMON",
        "id": "CVE-2017-8021"
      },
      {
        "db": "BID",
        "id": "101018"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2017-008976"
      },
      {
        "db": "PACKETSTORM",
        "id": "144375"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201709-1398"
      },
      {
        "db": "NVD",
        "id": "CVE-2017-8021"
      }
    ]
  },
  "id": "VAR-201710-1306",
  "iot": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/iot#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": true,
    "sources": [
      {
        "db": "VULHUB",
        "id": "VHN-116224"
      }
    ],
    "trust": 0.01
  },
  "last_update_date": "2025-04-20T23:40:00.254000Z",
  "patch": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/patch#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "title": "Elastic Cloud Storage (ECS)",
        "trust": 0.8,
        "url": "https://www.emc.com/collateral/white-papers/h14071-ecs-architectural-guide-wp.pdf"
      },
      {
        "title": "EMC Elastic Cloud Storage Security vulnerabilities",
        "trust": 0.6,
        "url": "http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=75256"
      }
    ],
    "sources": [
      {
        "db": "JVNDB",
        "id": "JVNDB-2017-008976"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201709-1398"
      }
    ]
  },
  "problemtype_data": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "problemtype": "CWE-1188",
        "trust": 1.0
      },
      {
        "problemtype": "CWE-255",
        "trust": 0.9
      }
    ],
    "sources": [
      {
        "db": "VULHUB",
        "id": "VHN-116224"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2017-008976"
      },
      {
        "db": "NVD",
        "id": "CVE-2017-8021"
      }
    ]
  },
  "references": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/references#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "trust": 2.9,
        "url": "http://seclists.org/fulldisclosure/2017/sep/74"
      },
      {
        "trust": 1.9,
        "url": "http://www.securityfocus.com/bid/101018"
      },
      {
        "trust": 0.9,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2017-8021"
      },
      {
        "trust": 0.8,
        "url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2017-8021"
      },
      {
        "trust": 0.3,
        "url": "http://www.emc.com/"
      },
      {
        "trust": 0.1,
        "url": "https://cwe.mitre.org/data/definitions/1188.html"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov"
      }
    ],
    "sources": [
      {
        "db": "VULHUB",
        "id": "VHN-116224"
      },
      {
        "db": "VULMON",
        "id": "CVE-2017-8021"
      },
      {
        "db": "BID",
        "id": "101018"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2017-008976"
      },
      {
        "db": "PACKETSTORM",
        "id": "144375"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201709-1398"
      },
      {
        "db": "NVD",
        "id": "CVE-2017-8021"
      }
    ]
  },
  "sources": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/sources#",
      "data": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "db": "VULHUB",
        "id": "VHN-116224"
      },
      {
        "db": "VULMON",
        "id": "CVE-2017-8021"
      },
      {
        "db": "BID",
        "id": "101018"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2017-008976"
      },
      {
        "db": "PACKETSTORM",
        "id": "144375"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201709-1398"
      },
      {
        "db": "NVD",
        "id": "CVE-2017-8021"
      }
    ]
  },
  "sources_release_date": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
      "data": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "date": "2017-10-03T00:00:00",
        "db": "VULHUB",
        "id": "VHN-116224"
      },
      {
        "date": "2017-10-03T00:00:00",
        "db": "VULMON",
        "id": "CVE-2017-8021"
      },
      {
        "date": "2017-09-26T00:00:00",
        "db": "BID",
        "id": "101018"
      },
      {
        "date": "2017-10-31T00:00:00",
        "db": "JVNDB",
        "id": "JVNDB-2017-008976"
      },
      {
        "date": "2017-09-28T00:32:06",
        "db": "PACKETSTORM",
        "id": "144375"
      },
      {
        "date": "2017-09-26T00:00:00",
        "db": "CNNVD",
        "id": "CNNVD-201709-1398"
      },
      {
        "date": "2017-10-03T01:29:03.247000",
        "db": "NVD",
        "id": "CVE-2017-8021"
      }
    ]
  },
  "sources_update_date": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
      "data": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "date": "2020-08-19T00:00:00",
        "db": "VULHUB",
        "id": "VHN-116224"
      },
      {
        "date": "2020-08-19T00:00:00",
        "db": "VULMON",
        "id": "CVE-2017-8021"
      },
      {
        "date": "2017-09-26T00:00:00",
        "db": "BID",
        "id": "101018"
      },
      {
        "date": "2017-10-31T00:00:00",
        "db": "JVNDB",
        "id": "JVNDB-2017-008976"
      },
      {
        "date": "2019-10-23T00:00:00",
        "db": "CNNVD",
        "id": "CNNVD-201709-1398"
      },
      {
        "date": "2025-04-20T01:37:25.860000",
        "db": "NVD",
        "id": "CVE-2017-8021"
      }
    ]
  },
  "threat_type": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/threat_type#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "remote",
    "sources": [
      {
        "db": "PACKETSTORM",
        "id": "144375"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201709-1398"
      }
    ],
    "trust": 0.7
  },
  "title": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/title#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "EMC Elastic Cloud Storage Vulnerabilities related to certificate and password management",
    "sources": [
      {
        "db": "JVNDB",
        "id": "JVNDB-2017-008976"
      }
    ],
    "trust": 0.8
  },
  "type": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/type#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "trust management problem",
    "sources": [
      {
        "db": "CNNVD",
        "id": "CNNVD-201709-1398"
      }
    ],
    "trust": 0.6
  }
}

Sightings

Author	Source	Type	Date	Other

Nomenclature

Seen: The vulnerability was mentioned, discussed, or observed by the user.
Confirmed: The vulnerability has been validated from an analyst's perspective.
Published Proof of Concept: A public proof of concept is available for this vulnerability.
Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
Not confirmed: The user expressed doubt about the validity of the vulnerability.
Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.

Detection rules are retrieved from Rulezet.

Action not permitted

CVE-2017-8021 (GCVE-0-2017-8021)

CNVD-2017-34799

FKIE_CVE-2017-8021

GHSA-RPGJ-F22Q-PHGR

GSD-2017-8021

VAR-201710-1306

Tags

Sightings

Nomenclature