Reflected Cross-Site Scripting Vulnerability in Dell EMC VNX2 and VNX1 Products
CVE-2017-14383

6.1MEDIUM

Key Information:

Vendor
Dell
Status
Dell Emc Vnx2 Versions Prior To Operating Environment For File 8.1.9.217 And Dell Emc Vnx1 Versions Prior To Operating Environment For File 7.1.80.8
Vendor
CVE Published:
4 January 2018

Summary

Dell EMC VNX2 and VNX1 products expose a vulnerability in their VNX Control Station web interface due to improper handling of web server error pages. This flaw can allow remote attackers to inject arbitrary HTML or script code into the user's browser session. When exploited, it can lead to unauthorized actions or data theft, posing significant risks to affected installations. Patching the affected versions is essential to mitigate these risks and protect sensitive information.

Affected Version(s)

Dell EMC VNX2 prior to Operating Environment for File 8.1.9.217 and Dell EMC VNX1 prior to Operating Environment for File 7.1.80.8 Dell EMC VNX2 versions prior to Operating Environment for File 8.1.9.217 and Dell EMC VNX1 versions prior to Operating Environment for File 7.1.80.8

References

http://seclists.org/fulldisclosure/2017/Dec/87
x_refsource_CONFIRM

CVSS V3.1

Score:
6.1
Severity:
MEDIUM
Confidentiality:
Low
Integrity:
Low
Availability:
Low
Attack Vector:
Network
Attack Complexity:
Low
Privileges Required:
None
User Interaction:
Required
Scope:
Changed

Timeline

  • Vulnerability published

  • Vulnerability Reserved

.