CyberSec.Space Logo
返回 CVE 瀏覽器

CVE-2017-10955

HIGH
8.8
CVSS Severity Score
EPSS Score0.1850%
EPSS Percentile5.01th
Published2017年10月19日
Last Modified2026年5月13日

Vulnerability Description

This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of EMC Data Protection Advisor 6.3.0. Authentication is required to exploit this vulnerability. The specific flaw exists within the EMC DPA Application service, which listens on TCP port 9002 by default. When parsing the preScript parameter, the process does not properly validate a user-supplied string before using it to execute a system call. An attacker can leverage this vulnerability to execute arbitrary code under the context of SYSTEM. Was ZDI-CAN-4697. NOTE: Dell EMC disputes that this is a vulnerability

Affected Platforms (CPE)

📦
Emc

Data Protection Advisor

= 6.3.0

References & Advisories

🔗 http://www.securityfocus.com/bid/101008
🔗 https://zerodayinitiative.com/advisories/ZDI-17-812
🔗 http://www.securityfocus.com/bid/101008
🔗 https://zerodayinitiative.com/advisories/ZDI-17-812

相關漏洞威脅

CVE-2017-80139.8

EMC Data Protection Advisor 6.3.x before patch 67 and 6.4.x before patch 130 contains undocumented accounts with hard-coded passwo...

CVE-2020-53528.8

Dell EMC Data Protection Advisor 6.4, 6.5 and 18.1 contain an OS command injection vulnerability. A remote authenticated malicious...

CVE-2017-80028.8

EMC Data Protection Advisor prior to 6.4 contains multiple blind SQL injection vulnerabilities. A remote authenticated attacker ma...

CVE-2018-110488.1

Dell EMC Data Protection Advisor, versions 6.2, 6,3, 6.4, 6.5 and Dell EMC Integrated Data Protection Appliance (IDPA) versions 2....