CVE-2016-0917
9.8
Vector
CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Exploitability: 3.9 / Impact: 5.9
Source: NVD
Description
The SMB service in EMC VNXe (VNXe3200 Operating Environment prior to 3.1.5.8711957 and VNXe3100/3150/3300 Operating Environment prior to 2.4.4.22638), VNX1 File OE before 7.1.80.3, VNX2 File OE before 8.1.9.155, and Celerra (all supported versions) does not prevent duplicate NTLM challenge-response nonces, which makes it easier for remote attackers to execute arbitrary code, or read or write to files, via a series of authentication requests, a related issue to CVE-2010-0231.
Affected (3)
Products: Emc: Vnx1 Oe Firmware, Vnx2 Oe Firmware, Vnxe Oe Firmware
Configuration A
| Vulnerable Software | Affected Versions |
|---|---|
| All versions | |
| All versions | |
| All versions |
| Running on/with | Platform Versions |
|---|---|
Emc Vnx5200 | All versions |
Emc Vnx5400 | All versions |
Emc Vnx5600 | All versions |
Emc Vnx5800 | All versions |
Emc Vnxe1600 | All versions |
Emc Vnxe3100 | All versions |
Emc Vnxe3150 | All versions |
Emc Vnxe3200 | All versions |
Emc Vnxe3200 Hybrid | All versions |
Emc Vnxe3300 | All versions |
Related CWEs
References (8)
Source: security_alert@emc.com
Source: security_alert@emc.com
Source: security_alert@emc.com
Source: af854a3a-2127-422b-91ae-364da2661108
Third Party Advisory
Source: af854a3a-2127-422b-91ae-364da2661108
Source: af854a3a-2127-422b-91ae-364da2661108
Source: af854a3a-2127-422b-91ae-364da2661108
Timeline
No history available yet.