Vulnerability CVE-2012-2282


Published: 2012-07-16   Modified: 2012-07-17

Description:
EMC Celerra Network Server 6.x before 6.0.61.0, VNX 7.x before 7.0.53.2, and VNXe 2.0 and 2.1 before 2.1.3.19077 (aka MR1 SP3.2) and 2.2 before 2.2.0.19078 (aka MR2 SP0.2) do not properly implement NFS access control, which allows remote authenticated users to read or modify files via a (1) NFSv2, (2) NFSv3, or (3) NFSv4 request.

See advisories in our WLB2 database:
Topic
Author
Date
Med.
EMC Celerra/VNX/VNXe Improper Access Control
EMC
13.07.2012

Type:

CWE-264

(Permissions, Privileges, and Access Controls)

CVSS2 => (AV:N/AC:L/Au:S/C:P/I:P/A:P)

CVSS Base Score
Impact Subscore
Exploitability Subscore
6.5/10
6.4/10
8/10
Exploit range
Attack complexity
Authentication
Remote
Low
Single time
Confidentiality impact
Integrity impact
Availability impact
Partial
Partial
Partial
Affected software
EMC -> Celerra network server 
EMC -> VNX 
EMC -> VNXE 

 References:
http://archives.neohapsis.com/archives/bugtraq/2012-07/0063.html

Copyright 2021, cxsecurity.com

 

Back to Top