Directory Traversal Vulnerability in Dell Storage Manager
CVE-2017-14384

6.5MEDIUM

Key Information:

Vendor: Dell
Status: Dell Storage Manager
Vendor: CVE Published:; 16 March 2018

What is CVE-2017-14384?

A directory traversal vulnerability exists in Dell Storage Manager versions prior to 16.3.20. This flaw allows an unauthorized remote user to exploit the EMConfigMigration service by submitting specially crafted input parameters. Successful exploitation could enable the attacker to read sensitive files outside the designated directories, compromising the application's security. However, it should be noted that no file deletion or modification can occur through this vulnerability.

Affected Version(s)

Dell Storage Manager earlier than 16.3.20

References

http://www.securityfocus.com/bid/103467

vdb-entryx_refsource_BID

http://topics-cdn.dell.com/pdf/storage-sc2000_release%20n...

x_refsource_CONFIRM

CVSS V3.1

Score:

6.5

Severity:

MEDIUM

Confidentiality:

High

Integrity:

None

Availability:

High

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

Low

User Interaction:

None

Scope:

Unchanged

Timeline

Vulnerability published
Mar 16, 2018
Vulnerability Reserved
Sep 12, 2017

JSON