Sign-up

ID

VAR-201711-0922


CVE

CVE-2017-1710


TITLE

IBM Storwize V7000 Vulnerabilities related to authorization, permissions, and access control

Trust: 0.8

sources: JVNDB: JVNDB-2017-010228

DESCRIPTION

A vulnerability in the Service Assistant GUI in IBM Storwize V7000 (2076) 8.1 could allow a remote attacker to perform a privilege escalation. IBM X-Force ID: 134531. IBM Storwize V7000 Contains vulnerabilities related to authorization, permissions, and access control. Vendors have confirmed this vulnerability IBM X-Force ID: 134531 It is released as.Information is obtained, information is altered, and service operation is disrupted (DoS) There is a possibility of being put into a state. Multiple IBM Products are prone to a remote privilege-escalation vulnerability. An attacker can exploit this issue to gain elevated privileges and perform unauthorized actions. IBM Storwize V7000, Storwize V5000 and FlashSystem V9000 are all products of IBM Corporation in the United States. Both IBM Storwize V7000 and Storwize V5000 are virtualized storage systems. FlashSystem V9000 is an all-flash enterprise storage solution. Service Assistant GUI is one of the graphical user interfaces. The following products and versions are affected: IBM SAN Volume Controller version 8.1.0.0; IBM Storwize V7000 version 8.1.0.0; IBM Storwize V5000 version 8.1.0.0; IBM FlashSystem V9000 version 8.1.0.0

Trust: 1.98

sources: NVD: CVE-2017-1710 // JVNDB: JVNDB-2017-010228 // BID: 101770 // VULHUB: VHN-108088

AFFECTED PRODUCTS

vendor:ibmmodel:san volume controllerscope:eqversion:8.1

Trust: 1.6

vendor:ibmmodel:storwize v7000scope:eqversion:8.1

Trust: 1.6

vendor:ibmmodel:storwize v5000scope:eqversion:8.1

Trust: 1.6

vendor:ibmmodel:flashsystem v9000scope:eqversion:8.1

Trust: 1.6

vendor:ibmmodel:flashsystem v9000scope: - version: -

Trust: 0.8

vendor:ibmmodel:san volume controller softwarescope: - version: -

Trust: 0.8

vendor:ibmmodel:storwize v5000 softwarescope: - version: -

Trust: 0.8

vendor:ibmmodel:storwize v7000 softwarescope: - version: -

Trust: 0.8

vendor:ibmmodel:storwizescope:eqversion:v70008.1.0.0

Trust: 0.3

vendor:ibmmodel:storwizescope:eqversion:v50008.1.0.0

Trust: 0.3

vendor:ibmmodel:san volume controllerscope:eqversion:8.1.0.0

Trust: 0.3

vendor:ibmmodel:flashsystemscope:eqversion:v90008.1.0.0

Trust: 0.3

vendor:ibmmodel:storwizescope:neversion:v70008.1.0.1

Trust: 0.3

vendor:ibmmodel:storwizescope:neversion:v50008.1.0.1

Trust: 0.3

vendor:ibmmodel:san volume controllerscope:neversion:8.1.0.1

Trust: 0.3

vendor:ibmmodel:flashsystemscope:neversion:v90008.1.0.1

Trust: 0.3

sources: BID: 101770 // JVNDB: JVNDB-2017-010228 // CNNVD: CNNVD-201711-321 // NVD: CVE-2017-1710

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov: CVE-2017-1710
value: CRITICAL

Trust: 1.0

NVD: CVE-2017-1710
value: CRITICAL

Trust: 0.8

CNNVD: CNNVD-201711-321
value: CRITICAL

Trust: 0.6

VULHUB: VHN-108088
value: HIGH

Trust: 0.1

nvd@nist.gov: CVE-2017-1710
severity: HIGH
baseScore: 7.5
vectorString: AV:N/AC:L/AU:N/C:P/I:P/A:P
accessVector: NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: PARTIAL
integrityImpact: PARTIAL
availabilityImpact: PARTIAL
exploitabilityScore: 10.0
impactScore: 6.4
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 1.8

VULHUB: VHN-108088
severity: HIGH
baseScore: 7.5
vectorString: AV:N/AC:L/AU:N/C:P/I:P/A:P
accessVector: NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: PARTIAL
integrityImpact: PARTIAL
availabilityImpact: PARTIAL
exploitabilityScore: 10.0
impactScore: 6.4
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.1

nvd@nist.gov: CVE-2017-1710
baseSeverity: CRITICAL
baseScore: 9.8
vectorString: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
attackVector: NETWORK
attackComplexity: LOW
privilegesRequired: NONE
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: HIGH
integrityImpact: HIGH
availabilityImpact: HIGH
exploitabilityScore: 3.9
impactScore: 5.9
version: 3.0

Trust: 1.8

sources: VULHUB: VHN-108088 // JVNDB: JVNDB-2017-010228 // CNNVD: CNNVD-201711-321 // NVD: CVE-2017-1710

PROBLEMTYPE DATA

problemtype:NVD-CWE-noinfo

Trust: 1.0

problemtype:CWE-264

Trust: 0.9

sources: VULHUB: VHN-108088 // JVNDB: JVNDB-2017-010228 // NVD: CVE-2017-1710

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-201711-321

TYPE

permissions and access control issues

Trust: 0.6

sources: CNNVD: CNNVD-201711-321

CONFIGURATIONS

sources:
            
            
            JVNDB: JVNDB-2017-010228

PATCH
title:S1010788url:http://www-01.ibm.com/support/docview.wss?uid=ssg1S1010788
Trust: 0.8
title:Multiple IBM product Service Assistant GUI Fixes for permission permissions and access control vulnerabilitiesurl:http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=76218
Trust: 0.6
sources:
            
            
            JVNDB: JVNDB-2017-010228 // 
            
            
            
            CNNVD: CNNVD-201711-321

EXTERNAL IDS
db:NVDid:CVE-2017-1710
Trust: 2.8
db:BIDid:101770
Trust: 2.0
db:SECTRACKid:1039776
Trust: 1.7
db:JVNDBid:JVNDB-2017-010228
Trust: 0.8
db:CNNVDid:CNNVD-201711-321
Trust: 0.7
db:VULHUBid:VHN-108088
Trust: 0.1
sources:
            
            
            VULHUB: VHN-108088 // 
            
            
            
            BID: 101770 // 
            
            
            
            JVNDB: JVNDB-2017-010228 // 
            
            
            
            CNNVD: CNNVD-201711-321 // 
            
            
            
            NVD: CVE-2017-1710

REFERENCES
url:http://www.securityfocus.com/bid/101770
Trust: 1.7
url:http://www.ibm.com/support/docview.wss?uid=ssg1s1010788
Trust: 1.7
url:https://exchange.xforce.ibmcloud.com/vulnerabilities/134531
Trust: 1.7
url:http://www.securitytracker.com/id/1039776
Trust: 1.7
url:https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2017-1710
Trust: 0.8
url:https://nvd.nist.gov/vuln/detail/cve-2017-1710
Trust: 0.8
url:http://www.ibm.com/
Trust: 0.3
url:http://www-01.ibm.com/support/docview.wss?uid=ssg1s1010788
Trust: 0.3
sources:
            
            
            VULHUB: VHN-108088 // 
            
            
            
            BID: 101770 // 
            
            
            
            JVNDB: JVNDB-2017-010228 // 
            
            
            
            CNNVD: CNNVD-201711-321 // 
            
            
            
            NVD: CVE-2017-1710

CREDITS
IBM.
Trust: 0.9
sources:
            
            
            BID: 101770 // 
            
            
            
            CNNVD: CNNVD-201711-321

SOURCES
db:VULHUBid:VHN-108088
db:BIDid:101770
db:JVNDBid:JVNDB-2017-010228
db:CNNVDid:CNNVD-201711-321
db:NVDid:CVE-2017-1710

LAST UPDATE DATE
2024-08-14T14:51:47.187000+00:00

SOURCES UPDATE DATE
db:VULHUBid:VHN-108088date:2019-10-03T00:00:00
db:BIDid:101770date:2017-12-19T22:36:00
db:JVNDBid:JVNDB-2017-010228date:2017-12-07T00:00:00
db:CNNVDid:CNNVD-201711-321date:2019-10-23T00:00:00
db:NVDid:CVE-2017-1710date:2019-10-03T00:03:26.223

SOURCES RELEASE DATE
db:VULHUBid:VHN-108088date:2017-11-13T00:00:00
db:BIDid:101770date:2017-11-08T00:00:00
db:JVNDBid:JVNDB-2017-010228date:2017-12-07T00:00:00
db:CNNVDid:CNNVD-201711-321date:2017-11-10T00:00:00
db:NVDid:CVE-2017-1710date:2017-11-13T23:29:00.370