Undocumented Account Vulnerability in EMC Elastic Cloud Storage
CVE-2017-8021

9.8CRITICAL

Key Information:

Vendor: Dell
Status: Emc Elastic Cloud Storage All Versions Prior To 3.1
Vendor: CVE Published:; 3 October 2017

Summary

A security flaw in EMC Elastic Cloud Storage prior to version 3.1 has been identified, which allows for the creation of undocumented accounts. This could enable malicious actors to gain unauthorized access and control over the affected systems, potentially compromising sensitive data. Users are urged to update to the latest version to mitigate the risks associated with this vulnerability.

Affected Version(s)

EMC Elastic Cloud Storage all prior to 3.1 EMC Elastic Cloud Storage all versions prior to 3.1

References

http://seclists.org/fulldisclosure/2017/Sep/74

x_refsource_CONFIRM

http://www.securityfocus.com/bid/101018

vdb-entryx_refsource_BID

CVSS V3.1

Score:

9.8

Severity:

CRITICAL

Confidentiality:

High

Integrity:

High

Availability:

High

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

None

User Interaction:

None

Scope:

Unchanged

Timeline

Vulnerability published
Oct 3, 2017
Vulnerability Reserved
Apr 21, 2017