VAR-201207-0336
Vulnerability from variot - Updated: 2025-04-11 22:59EMC Celerra Network Server 6.x before 6.0.61.0, VNX 7.x before 7.0.53.2, and VNXe 2.0 and 2.1 before 2.1.3.19077 (aka MR1 SP3.2) and 2.2 before 2.2.0.19078 (aka MR2 SP0.2) do not properly implement NFS access control, which allows remote authenticated users to read or modify files via a (1) NFSv2, (2) NFSv3, or (3) NFSv4 request. There are security vulnerabilities in multiple EMC products. Failure to properly access control settings allows an attacker to exploit the vulnerability to bypass security restrictions and gain unauthorized access to the output file system. -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1
ESA-2012-027: EMC Celerra/VNX/VNXe Improper Access Control Vulnerability
EMC Identifier: ESA-2012-027
CVE Identifier: CVE-2012-2282
Severity Rating: CVSS v2 Base Score: 9.0 (AV:N/AC:L/Au:S/C:C/I:C/A:C)
Affected products:
EMC Celerra Network Server versions 6.0.36.4 through 6.0.60.2
EMC VNX versions 7.0.12.0 through 7.0.53.1
EMC VNXe 2.0 (including SP1, SP2, and SP3)
EMC VNXe MR1 (including SP1, SP2, SP3, and SP3.1)
EMC VNXe MR2 (including SP0.1)
Vulnerability Summary:
A vulnerability exists in EMC Celerra/VNX/VNXe systems that can be potentially exploited to gain unauthorized access to distributed files and directories.
For EMC Celerra, navigate in Powerlink to Home > Support > Software Downloads and Licensing > Downloads C > Celerra Software For EMC VNX, navigate in Powerlink to Home >Support>Support by Product and search for VNX For EMC VNXe, Log onto the affected VNXe, navigate in Support Zone as follows: Settings > More Configuration > Update Software > Obtain Candidate Version Online
Because the view is restricted based on customer agreements, you may not have permission to view certain downloads. Should you not see a software download you believe you should have access to, follow the instructions in EMC Knowledgebase solution emc116045.
For an explanation of Severity Ratings, refer to EMC Knowledgebase solution emc218831. EMC recommends all customers take into account both the base score and any relevant temporal and environmental scores which may impact the potential severity associated with particular security vulnerability. EMC recommends that all users determine the applicability of this information to their individual situations and take appropriate action. The information set forth herein is provided "as is" without warranty of any kind. EMC disclaims all warranties, either express or implied, including the warranties of merchantability, fitness for a particular purpose, title and non-infringement. In no event, shall EMC or its suppliers, be liable for any damages whatsoever including direct, indirect, incidental, consequential, loss of business profits or special damages, even if EMC or its suppliers have been advised of the possibility of such damages. Some states do not allow the exclusion or limitation of liability for consequential or incidental damages, so the foregoing limitation may not apply.
EMC Product Security Response Center
Security_Alert@emc.com
http://www.emc.com/contact-us/contact/product-security-response-center.htm -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.12 (Cygwin)
iEYEARECAAYFAk/9nQcACgkQtjd2rKp+ALwy+QCfRYR3eaF29k28f7gYjgC0vcVk NLIAn0GWWLPQ0VPfcFUjC6RlyahlwImL =wjkz -----END PGP SIGNATURE----- . ----------------------------------------------------------------------
We are millions! Join us to protect all Pc's Worldwide. Download the new Secunia PSI 3.0 available in 5 languages and share it with your friends: http://secunia.com/psi
TITLE: EMC Products Security Bypass Security Issue
SECUNIA ADVISORY ID: SA49911
VERIFY ADVISORY: Secunia.com http://secunia.com/advisories/49911/ Customer Area (Credentials Required) https://ca.secunia.com/?page=viewadvisory&vuln_id=49911
RELEASE DATE: 2012-07-12
DISCUSS ADVISORY: http://secunia.com/advisories/49911/#comments
AVAILABLE ON SITE AND IN CUSTOMER AREA: * Last Update * Popularity * Comments * Criticality Level * Impact * Where * Solution Status * Operating System / Software * CVE Reference(s)
http://secunia.com/advisories/49911/
ONLY AVAILABLE IN CUSTOMER AREA: * Authentication Level * Report Reliability * Secunia PoC * Secunia Analysis * Systems Affected * Approve Distribution * Remediation Status * Secunia CVSS Score * CVSS
https://ca.secunia.com/?page=viewadvisory&vuln_id=49911
ONLY AVAILABLE WITH SECUNIA CSI AND SECUNIA PSI: * AUTOMATED SCANNING
http://secunia.com/vulnerability_scanning/personal/ http://secunia.com/vulnerability_scanning/corporate/wsus_sccm_3rd_third_party_patching/
DESCRIPTION: A security issue has been reported in multiple EMC products, which can be exploited by malicious users to potentially bypass certain security restrictions.
SOLUTION: Update to a fixed version. Updated software can be downloaded from Powerlink.
Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/
PROVIDED AND/OR DISCOVERED BY: Reported by the vendor.
ORIGINAL ADVISORY: EMC (ESA-2012-027): http://archives.neohapsis.com/archives/bugtraq/2012-07/att-0063/ESA-2012-027.txt
OTHER REFERENCES: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/
DEEP LINKS: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/
EXTENDED DESCRIPTION: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/
EXTENDED SOLUTION: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/
EXPLOIT: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/
About: This Advisory was delivered by Secunia as a free service to help private users keeping their systems up to date against the latest vulnerabilities.
Subscribe: http://secunia.com/advisories/secunia_security_advisories/
Definitions: (Criticality, Where etc.) http://secunia.com/advisories/about_secunia_advisories/
Please Note: Secunia recommends that you verify all advisories you receive by clicking the link. Secunia NEVER sends attached files with advisories. Secunia does not advise people to install third party patches, only use those supplied by the vendor.
Unsubscribe: Secunia Security Advisories http://secunia.com/sec_adv_unsubscribe/?email=packet%40packetstormsecurity.org
Show details on source website
{
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
"affected_products": {
"@id": "https://www.variotdbs.pl/ref/affected_products"
},
"configurations": {
"@id": "https://www.variotdbs.pl/ref/configurations"
},
"credits": {
"@id": "https://www.variotdbs.pl/ref/credits"
},
"cvss": {
"@id": "https://www.variotdbs.pl/ref/cvss/"
},
"description": {
"@id": "https://www.variotdbs.pl/ref/description/"
},
"exploit_availability": {
"@id": "https://www.variotdbs.pl/ref/exploit_availability/"
},
"external_ids": {
"@id": "https://www.variotdbs.pl/ref/external_ids/"
},
"iot": {
"@id": "https://www.variotdbs.pl/ref/iot/"
},
"iot_taxonomy": {
"@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
},
"patch": {
"@id": "https://www.variotdbs.pl/ref/patch/"
},
"problemtype_data": {
"@id": "https://www.variotdbs.pl/ref/problemtype_data/"
},
"references": {
"@id": "https://www.variotdbs.pl/ref/references/"
},
"sources": {
"@id": "https://www.variotdbs.pl/ref/sources/"
},
"sources_release_date": {
"@id": "https://www.variotdbs.pl/ref/sources_release_date/"
},
"sources_update_date": {
"@id": "https://www.variotdbs.pl/ref/sources_update_date/"
},
"threat_type": {
"@id": "https://www.variotdbs.pl/ref/threat_type/"
},
"title": {
"@id": "https://www.variotdbs.pl/ref/title/"
},
"type": {
"@id": "https://www.variotdbs.pl/ref/type/"
}
},
"@id": "https://www.variotdbs.pl/vuln/VAR-201207-0336",
"affected_products": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/affected_products#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"model": "vnxe",
"scope": "eq",
"trust": 1.6,
"vendor": "emc",
"version": "mr2"
},
{
"model": "vnxe",
"scope": "eq",
"trust": 1.6,
"vendor": "emc",
"version": "mr1"
},
{
"model": "vnx",
"scope": "eq",
"trust": 1.6,
"vendor": "emc",
"version": "7.0.53.1"
},
{
"model": "vnxe",
"scope": "eq",
"trust": 1.6,
"vendor": "emc",
"version": "2.0"
},
{
"model": "celerra network server",
"scope": "eq",
"trust": 1.0,
"vendor": "emc",
"version": "6.0.36.4"
},
{
"model": "celerra network server",
"scope": "eq",
"trust": 1.0,
"vendor": "emc",
"version": "6.0.60.2"
},
{
"model": "vnx",
"scope": "eq",
"trust": 1.0,
"vendor": "emc",
"version": "7.0.12.0"
},
{
"model": "vnx",
"scope": "lt",
"trust": 0.8,
"vendor": "dell emc old emc",
"version": "7.x"
},
{
"model": "vnxe",
"scope": "eq",
"trust": 0.8,
"vendor": "dell emc old emc",
"version": "2.1.3.19077"
},
{
"model": "celerra network server",
"scope": "eq",
"trust": 0.8,
"vendor": "dell emc old emc",
"version": "6.0.61.0"
},
{
"model": "vnxe",
"scope": "eq",
"trust": 0.8,
"vendor": "dell emc old emc",
"version": "2.0"
},
{
"model": "vnxe",
"scope": "lt",
"trust": 0.8,
"vendor": "dell emc old emc",
"version": "2.1"
},
{
"model": "vnx",
"scope": "eq",
"trust": 0.8,
"vendor": "dell emc old emc",
"version": "7.0.53.2"
},
{
"model": "celerra network server",
"scope": "lt",
"trust": 0.8,
"vendor": "dell emc old emc",
"version": "6.x"
},
{
"model": "vnxe",
"scope": "eq",
"trust": 0.8,
"vendor": "dell emc old emc",
"version": "2.2.0.19078"
},
{
"model": "vnxe",
"scope": "lt",
"trust": 0.8,
"vendor": "dell emc old emc",
"version": "2.2"
},
{
"model": "celerra network server",
"scope": "eq",
"trust": 0.6,
"vendor": "emc",
"version": "6.x"
},
{
"model": "vnx operating environment for file",
"scope": "eq",
"trust": 0.6,
"vendor": "emc",
"version": "7.x"
},
{
"model": "vnxe",
"scope": "eq",
"trust": 0.6,
"vendor": "emc",
"version": "2.x"
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2012-3692"
},
{
"db": "JVNDB",
"id": "JVNDB-2012-003108"
},
{
"db": "CNNVD",
"id": "CNNVD-201207-162"
},
{
"db": "NVD",
"id": "CVE-2012-2282"
}
]
},
"configurations": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/configurations#",
"children": {
"@container": "@list"
},
"cpe_match": {
"@container": "@list"
},
"data": {
"@container": "@list"
},
"nodes": {
"@container": "@list"
}
},
"data": [
{
"CVE_data_version": "4.0",
"nodes": [
{
"cpe_match": [
{
"cpe22Uri": "cpe:/a:emc:celerra_network_server",
"vulnerable": true
},
{
"cpe22Uri": "cpe:/h:emc:vnx",
"vulnerable": true
},
{
"cpe22Uri": "cpe:/a:emc:vnxe",
"vulnerable": true
}
],
"operator": "OR"
}
]
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2012-003108"
}
]
},
"credits": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/credits#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "The vendor reported this issue.",
"sources": [
{
"db": "BID",
"id": "54414"
}
],
"trust": 0.3
},
"cve": "CVE-2012-2282",
"cvss": {
"@context": {
"cvssV2": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
},
"cvssV3": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
},
"severity": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/cvss/severity#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/severity"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"cvssV2": [
{
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "SINGLE",
"author": "nvd@nist.gov",
"availabilityImpact": "PARTIAL",
"baseScore": 6.5,
"confidentialityImpact": "PARTIAL",
"exploitabilityScore": 8.0,
"id": "CVE-2012-2282",
"impactScore": 6.4,
"integrityImpact": "PARTIAL",
"severity": "MEDIUM",
"trust": 1.8,
"vectorString": "AV:N/AC:L/Au:S/C:P/I:P/A:P",
"version": "2.0"
}
],
"cvssV3": [],
"severity": [
{
"author": "nvd@nist.gov",
"id": "CVE-2012-2282",
"trust": 1.0,
"value": "MEDIUM"
},
{
"author": "NVD",
"id": "CVE-2012-2282",
"trust": 0.8,
"value": "Medium"
},
{
"author": "CNNVD",
"id": "CNNVD-201207-162",
"trust": 0.6,
"value": "MEDIUM"
}
]
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2012-003108"
},
{
"db": "CNNVD",
"id": "CNNVD-201207-162"
},
{
"db": "NVD",
"id": "CVE-2012-2282"
}
]
},
"description": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/description#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "EMC Celerra Network Server 6.x before 6.0.61.0, VNX 7.x before 7.0.53.2, and VNXe 2.0 and 2.1 before 2.1.3.19077 (aka MR1 SP3.2) and 2.2 before 2.2.0.19078 (aka MR2 SP0.2) do not properly implement NFS access control, which allows remote authenticated users to read or modify files via a (1) NFSv2, (2) NFSv3, or (3) NFSv4 request. There are security vulnerabilities in multiple EMC products. Failure to properly access control settings allows an attacker to exploit the vulnerability to bypass security restrictions and gain unauthorized access to the output file system. -----BEGIN PGP SIGNED MESSAGE-----\nHash: SHA1\n\nESA-2012-027: EMC Celerra/VNX/VNXe Improper Access Control Vulnerability \n\nEMC Identifier: ESA-2012-027\n\nCVE Identifier: CVE-2012-2282 \n\nSeverity Rating: CVSS v2 Base Score: 9.0 (AV:N/AC:L/Au:S/C:C/I:C/A:C)\n\nAffected products:\n\nEMC Celerra Network Server versions 6.0.36.4 through 6.0.60.2\n\nEMC VNX versions 7.0.12.0 through 7.0.53.1\n\nEMC VNXe 2.0 (including SP1, SP2, and SP3)\n\nEMC VNXe MR1 (including SP1, SP2, SP3, and SP3.1) \n\nEMC VNXe MR2 (including SP0.1)\n\nVulnerability Summary:\n\nA vulnerability exists in EMC Celerra/VNX/VNXe systems that can be potentially exploited to gain unauthorized access to distributed files and directories. \n\nFor EMC Celerra, navigate in Powerlink to Home \u003e Support \u003e Software Downloads and Licensing \u003e Downloads C \u003e Celerra Software \nFor EMC VNX, navigate in Powerlink to Home \u003eSupport\u003eSupport by Product and search for VNX \nFor EMC VNXe, Log onto the affected VNXe, navigate in Support Zone as follows: Settings \u003e More Configuration \u003e Update Software \u003e Obtain Candidate Version Online\n\nBecause the view is restricted based on customer agreements, you may not have permission to view certain downloads. Should you not see a software download you believe you should have access to, follow the instructions in EMC Knowledgebase solution emc116045. \n\nFor an explanation of Severity Ratings, refer to EMC Knowledgebase solution emc218831. EMC recommends all customers take into account both the base score and any relevant temporal and environmental scores which may impact the potential severity associated with particular security vulnerability. EMC recommends that all users determine the applicability of this information to their individual situations and take appropriate action. The information set forth herein is provided \"as is\" without warranty of any kind. EMC disclaims all warranties, either express or implied, including the warranties of merchantability, fitness for a particular purpose, title and non-infringement. In no event, shall EMC or its suppliers, be liable for any damages whatsoever including direct, indirect, incidental, consequential, loss of business profits or special damages, even if EMC or its suppliers have been advised of the possibility of such damages. Some states do not allow the exclusion or limitation of liability for consequential or incidental damages, so the foregoing limitation may not apply. \n\nEMC Product Security Response Center\n\nSecurity_Alert@emc.com\n\nhttp://www.emc.com/contact-us/contact/product-security-response-center.htm \n-----BEGIN PGP SIGNATURE-----\nVersion: GnuPG v1.4.12 (Cygwin)\n\niEYEARECAAYFAk/9nQcACgkQtjd2rKp+ALwy+QCfRYR3eaF29k28f7gYjgC0vcVk\nNLIAn0GWWLPQ0VPfcFUjC6RlyahlwImL\n=wjkz\n-----END PGP SIGNATURE-----\n. ----------------------------------------------------------------------\n\nWe are millions! Join us to protect all Pc\u0027s Worldwide. \nDownload the new Secunia PSI 3.0 available in 5 languages and share it with your friends:\nhttp://secunia.com/psi\n\n----------------------------------------------------------------------\n\nTITLE:\nEMC Products Security Bypass Security Issue\n\nSECUNIA ADVISORY ID:\nSA49911\n\nVERIFY ADVISORY:\nSecunia.com\nhttp://secunia.com/advisories/49911/\nCustomer Area (Credentials Required)\nhttps://ca.secunia.com/?page=viewadvisory\u0026vuln_id=49911\n\nRELEASE DATE:\n2012-07-12\n\nDISCUSS ADVISORY:\nhttp://secunia.com/advisories/49911/#comments\n\nAVAILABLE ON SITE AND IN CUSTOMER AREA:\n * Last Update\n * Popularity\n * Comments\n * Criticality Level\n * Impact\n * Where\n * Solution Status\n * Operating System / Software\n * CVE Reference(s)\n\nhttp://secunia.com/advisories/49911/\n\nONLY AVAILABLE IN CUSTOMER AREA:\n * Authentication Level\n * Report Reliability\n * Secunia PoC\n * Secunia Analysis\n * Systems Affected\n * Approve Distribution\n * Remediation Status\n * Secunia CVSS Score\n * CVSS\n\nhttps://ca.secunia.com/?page=viewadvisory\u0026vuln_id=49911\n\nONLY AVAILABLE WITH SECUNIA CSI AND SECUNIA PSI:\n * AUTOMATED SCANNING\n\nhttp://secunia.com/vulnerability_scanning/personal/\nhttp://secunia.com/vulnerability_scanning/corporate/wsus_sccm_3rd_third_party_patching/\n\nDESCRIPTION:\nA security issue has been reported in multiple EMC products, which\ncan be exploited by malicious users to potentially bypass certain\nsecurity restrictions. \n\nSOLUTION:\nUpdate to a fixed version. Updated software can be downloaded from\nPowerlink. \n\nFurther details available in Customer Area:\nhttp://secunia.com/vulnerability_intelligence/\n\nPROVIDED AND/OR DISCOVERED BY:\nReported by the vendor. \n\nORIGINAL ADVISORY:\nEMC (ESA-2012-027):\nhttp://archives.neohapsis.com/archives/bugtraq/2012-07/att-0063/ESA-2012-027.txt\n\nOTHER REFERENCES:\nFurther details available in Customer Area:\nhttp://secunia.com/vulnerability_intelligence/\n\nDEEP LINKS:\nFurther details available in Customer Area:\nhttp://secunia.com/vulnerability_intelligence/\n\nEXTENDED DESCRIPTION:\nFurther details available in Customer Area:\nhttp://secunia.com/vulnerability_intelligence/\n\nEXTENDED SOLUTION:\nFurther details available in Customer Area:\nhttp://secunia.com/vulnerability_intelligence/\n\nEXPLOIT:\nFurther details available in Customer Area:\nhttp://secunia.com/vulnerability_intelligence/\n\n----------------------------------------------------------------------\n\nAbout:\nThis Advisory was delivered by Secunia as a free service to help\nprivate users keeping their systems up to date against the latest\nvulnerabilities. \n\nSubscribe:\nhttp://secunia.com/advisories/secunia_security_advisories/\n\nDefinitions: (Criticality, Where etc.)\nhttp://secunia.com/advisories/about_secunia_advisories/\n\n\nPlease Note:\nSecunia recommends that you verify all advisories you receive by\nclicking the link. \nSecunia NEVER sends attached files with advisories. \nSecunia does not advise people to install third party patches, only\nuse those supplied by the vendor. \n\n----------------------------------------------------------------------\n\nUnsubscribe: Secunia Security Advisories\nhttp://secunia.com/sec_adv_unsubscribe/?email=packet%40packetstormsecurity.org\n\n----------------------------------------------------------------------\n\n\n",
"sources": [
{
"db": "NVD",
"id": "CVE-2012-2282"
},
{
"db": "JVNDB",
"id": "JVNDB-2012-003108"
},
{
"db": "CNVD",
"id": "CNVD-2012-3692"
},
{
"db": "BID",
"id": "54414"
},
{
"db": "PACKETSTORM",
"id": "114647"
},
{
"db": "PACKETSTORM",
"id": "114653"
}
],
"trust": 2.61
},
"external_ids": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/external_ids#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"db": "NVD",
"id": "CVE-2012-2282",
"trust": 3.4
},
{
"db": "SECTRACK",
"id": "1027242",
"trust": 1.0
},
{
"db": "JVNDB",
"id": "JVNDB-2012-003108",
"trust": 0.8
},
{
"db": "SECUNIA",
"id": "49911",
"trust": 0.7
},
{
"db": "CNVD",
"id": "CNVD-2012-3692",
"trust": 0.6
},
{
"db": "NSFOCUS",
"id": "19996",
"trust": 0.6
},
{
"db": "BUGTRAQ",
"id": "20120711 ESA-2012-027: EMC CELERRA/VNX/VNXE IMPROPER ACCESS CONTROL VULNERABILITY",
"trust": 0.6
},
{
"db": "CNNVD",
"id": "CNNVD-201207-162",
"trust": 0.6
},
{
"db": "BID",
"id": "54414",
"trust": 0.3
},
{
"db": "PACKETSTORM",
"id": "114647",
"trust": 0.1
},
{
"db": "PACKETSTORM",
"id": "114653",
"trust": 0.1
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2012-3692"
},
{
"db": "BID",
"id": "54414"
},
{
"db": "JVNDB",
"id": "JVNDB-2012-003108"
},
{
"db": "PACKETSTORM",
"id": "114647"
},
{
"db": "PACKETSTORM",
"id": "114653"
},
{
"db": "CNNVD",
"id": "CNNVD-201207-162"
},
{
"db": "NVD",
"id": "CVE-2012-2282"
}
]
},
"id": "VAR-201207-0336",
"iot": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": true,
"sources": [
{
"db": "CNVD",
"id": "CNVD-2012-3692"
}
],
"trust": 1.1084586433333334
},
"iot_taxonomy": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot_taxonomy#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"category": [
"Network device"
],
"sub_category": null,
"trust": 0.6
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2012-3692"
}
]
},
"last_update_date": "2025-04-11T22:59:17.182000Z",
"patch": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/patch#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"title": "NVX \u30d5\u30a1\u30df\u30ea",
"trust": 0.8,
"url": "http://japan.emc.com/storage/vnx/vnx-family.htm"
},
{
"title": "Top Page",
"trust": 0.8,
"url": "http://www.emc.com/index.htm"
},
{
"title": "EMC multiple product security bypass vulnerability patch",
"trust": 0.6,
"url": "https://www.cnvd.org.cn/patchInfo/show/18836"
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2012-3692"
},
{
"db": "JVNDB",
"id": "JVNDB-2012-003108"
}
]
},
"problemtype_data": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"problemtype": "CWE-264",
"trust": 1.8
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2012-003108"
},
{
"db": "NVD",
"id": "CVE-2012-2282"
}
]
},
"references": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/references#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"trust": 1.6,
"url": "http://archives.neohapsis.com/archives/bugtraq/2012-07/0063.html"
},
{
"trust": 1.0,
"url": "http://www.securitytracker.com/id?1027242"
},
{
"trust": 0.8,
"url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2012-2282"
},
{
"trust": 0.8,
"url": "http://web.nvd.nist.gov/view/vuln/detail?vulnid=cve-2012-2282"
},
{
"trust": 0.7,
"url": "http://archives.neohapsis.com/archives/bugtraq/2012-07/att-0063/esa-2012-027.txt"
},
{
"trust": 0.6,
"url": "http://secunia.com/advisories/49911"
},
{
"trust": 0.6,
"url": "http://www.nsfocus.net/vulndb/19996"
},
{
"trust": 0.3,
"url": "http://www.emc.com/?fromglobalsiteselect"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2012-2282"
},
{
"trust": 0.1,
"url": "http://www.emc.com/contact-us/contact/product-security-response-center.htm"
},
{
"trust": 0.1,
"url": "http://secunia.com/advisories/49911/"
},
{
"trust": 0.1,
"url": "http://secunia.com/psi"
},
{
"trust": 0.1,
"url": "http://secunia.com/vulnerability_intelligence/"
},
{
"trust": 0.1,
"url": "http://secunia.com/advisories/secunia_security_advisories/"
},
{
"trust": 0.1,
"url": "http://secunia.com/vulnerability_scanning/corporate/wsus_sccm_3rd_third_party_patching/"
},
{
"trust": 0.1,
"url": "http://secunia.com/advisories/about_secunia_advisories/"
},
{
"trust": 0.1,
"url": "http://secunia.com/vulnerability_scanning/personal/"
},
{
"trust": 0.1,
"url": "https://ca.secunia.com/?page=viewadvisory\u0026vuln_id=49911"
},
{
"trust": 0.1,
"url": "http://secunia.com/sec_adv_unsubscribe/?email=packet%40packetstormsecurity.org"
},
{
"trust": 0.1,
"url": "http://secunia.com/advisories/49911/#comments"
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2012-3692"
},
{
"db": "BID",
"id": "54414"
},
{
"db": "JVNDB",
"id": "JVNDB-2012-003108"
},
{
"db": "PACKETSTORM",
"id": "114647"
},
{
"db": "PACKETSTORM",
"id": "114653"
},
{
"db": "CNNVD",
"id": "CNNVD-201207-162"
},
{
"db": "NVD",
"id": "CVE-2012-2282"
}
]
},
"sources": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#",
"data": {
"@container": "@list"
}
},
"data": [
{
"db": "CNVD",
"id": "CNVD-2012-3692"
},
{
"db": "BID",
"id": "54414"
},
{
"db": "JVNDB",
"id": "JVNDB-2012-003108"
},
{
"db": "PACKETSTORM",
"id": "114647"
},
{
"db": "PACKETSTORM",
"id": "114653"
},
{
"db": "CNNVD",
"id": "CNNVD-201207-162"
},
{
"db": "NVD",
"id": "CVE-2012-2282"
}
]
},
"sources_release_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2012-07-17T00:00:00",
"db": "CNVD",
"id": "CNVD-2012-3692"
},
{
"date": "2012-07-12T00:00:00",
"db": "BID",
"id": "54414"
},
{
"date": "2012-07-18T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2012-003108"
},
{
"date": "2012-07-12T02:05:18",
"db": "PACKETSTORM",
"id": "114647"
},
{
"date": "2012-07-12T06:05:32",
"db": "PACKETSTORM",
"id": "114653"
},
{
"date": "2012-07-16T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201207-162"
},
{
"date": "2012-07-16T20:55:00.830000",
"db": "NVD",
"id": "CVE-2012-2282"
}
]
},
"sources_update_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2012-07-17T00:00:00",
"db": "CNVD",
"id": "CNVD-2012-3692"
},
{
"date": "2013-04-02T13:07:00",
"db": "BID",
"id": "54414"
},
{
"date": "2012-07-18T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2012-003108"
},
{
"date": "2012-07-16T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201207-162"
},
{
"date": "2025-04-11T00:51:21.963000",
"db": "NVD",
"id": "CVE-2012-2282"
}
]
},
"threat_type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/threat_type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "remote",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-201207-162"
}
],
"trust": 0.6
},
"title": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/title#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "EMC Celerra Network Server , EMC VNX ,and EMC VNXe Vulnerable to reading files",
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2012-003108"
}
],
"trust": 0.8
},
"type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "permissions and access control",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-201207-162"
}
],
"trust": 0.6
}
}
Sightings
| Author | Source | Type | Date |
|---|
Nomenclature
- Seen: The vulnerability was mentioned, discussed, or observed by the user.
- Confirmed: The vulnerability has been validated from an analyst's perspective.
- Published Proof of Concept: A public proof of concept is available for this vulnerability.
- Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
- Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
- Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
- Not confirmed: The user expressed doubt about the validity of the vulnerability.
- Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.