Vulnerability in Dell Emc_unisphere

CVE-2017-14375

EMC Unisphere for VMAX Virtual Appliance (vApp) versions prior to 8.4.0.15, EMC Solutions Enabler Virtual Appliance versions prior to 8.4.0.15, EMC VASA Virtual Appliance versions prior to 8.4.0.512, and EMC VMAX Embedded Management (eMana…

EPSS: 0.048 (90.8th percentile) — read the EPSS interpretation.

CVSS v3 metric

CVSS v3 base score 9.8 (Critical). Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H.

Affected products

  • Dell Emc_unisphere
  • Emc Solutions_enabler
  • Emc Vasa
  • Emc Vmax_emanagement
  • N/a Emc Vmax Virtual Appliance (Vapp) Unisphere For Versions Prior To 8.4.0.15, Solutions Enabler Vasa 8.4.0.512, Embedded Management (Emanagement) And Including 1.4 (Enginuity Release 5977.1125.1125 Earlier) — versions EMC VMAX Virtual Appliance (vApp) EMC Unisphere for VMAX Virtual Appliance versions prior to 8.4.0.15, EMC Solutions Enabler Virtual Appliance versions prior to 8.4.0.15, EMC VASA Virtual Appliance versions prior to 8.4.0.512, EMC VMAX Embedded Management (eManagement) versions prior to and including 1.4 (Enginuity Release 5977.1125.1125 and earlier)

Weakness classification (CWE)

Public proof-of-concept exploits

References

Frequently asked questions

What is CVE-2017-14375?
CVE-2017-14375 is a critical-severity vulnerability in Dell Emc_unisphere, classified under Authentication Bypass by Spoofing. CVSS score: 9.8/10. Published 2017-11-01.
How severe is CVE-2017-14375?
Critical severity. CVSS v3 base score is 9.8 out of 10.
Is CVE-2017-14375 known to be exploited?
1 public proof-of-concept repositories are indexed. Not currently listed in the CISA KEV catalog.