CVE-2017-9978

Published: Aug 28, 2017Modified: May 13, 2026

5.3

Vector

CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N

Exploitability: 3.9 / Impact: 1.4

Source: NVD

Description

On the OSNEXUS QuantaStor v4 virtual appliance before 4.3.1, a flaw was found with the error message sent as a response for users that don't exist on the system. An attacker could leverage this information to fine-tune and enumerate valid accounts on the system by searching for common usernames.

Affected (1)

Products: Osnexus: Quantastor

1 product

Configuration A

1 vulnerable

Vulnerable Software	Affected Versions
Osnexus Quantastor	Up to 4.3.0

Related CWEs

Exposure of Sensitive Information to an Unauthorized Actor

The product exposes sensitive information to an actor that is not explicitly authorized to have access to that information.

References (8)

http://packetstormsecurity.com/files/143780/OSNEXUS-QuantaStor-4-Information-Disclosure.html

Source: cve@mitre.org

ExploitThird Party AdvisoryVDB Entry

http://seclists.org/fulldisclosure/2017/Aug/23

Source: cve@mitre.org

ExploitMailing ListThird Party Advisory

http://www.vvvsecurity.com/advisories/vvvsecurity-advisory-2017-6943.txt

Source: cve@mitre.org

ExploitThird Party AdvisoryURL Repurposed

https://www.exploit-db.com/exploits/42517/

Source: cve@mitre.org

ExploitThird Party AdvisoryVDB Entry

http://packetstormsecurity.com/files/143780/OSNEXUS-QuantaStor-4-Information-Disclosure.html

Source: af854a3a-2127-422b-91ae-364da2661108

ExploitThird Party AdvisoryVDB Entry

http://seclists.org/fulldisclosure/2017/Aug/23

Source: af854a3a-2127-422b-91ae-364da2661108

ExploitMailing ListThird Party Advisory

http://www.vvvsecurity.com/advisories/vvvsecurity-advisory-2017-6943.txt

Source: af854a3a-2127-422b-91ae-364da2661108

ExploitThird Party AdvisoryURL Repurposed

https://www.exploit-db.com/exploits/42517/

Source: af854a3a-2127-422b-91ae-364da2661108

ExploitThird Party AdvisoryVDB Entry

Timeline

No history available yet.