ID

VAR-201711-0922


CVE

CVE-2017-1710


TITLE

IBM Storwize V7000 Vulnerabilities related to authorization, permissions, and access control

Trust: 0.8

sources: JVNDB: JVNDB-2017-010228

DESCRIPTION

A vulnerability in the Service Assistant GUI in IBM Storwize V7000 (2076) 8.1 could allow a remote attacker to perform a privilege escalation. IBM X-Force ID: 134531. IBM Storwize V7000 contains vulnerabilities related to authorization, permissions, and access control. The vendor has confirmed this vulnerability and released it as IBM X-Force ID: 134531. Information may be obtained or altered, and service operation may be disrupted (DoS). Multiple IBM products are prone to a remote privilege-escalation vulnerability. An attacker can exploit this issue to gain elevated privileges and perform unauthorized actions. IBM Storwize V7000, Storwize V5000 and FlashSystem V9000 are all products of IBM Corporation in the United States. Both IBM Storwize V7000 and Storwize V5000 are virtualized storage systems. FlashSystem V9000 is an all-flash enterprise storage solution. Service Assistant GUI is one of the graphical user interfaces. The following products and versions are affected: IBM SAN Volume Controller version 8.1.0.0; IBM Storwize V7000 version 8.1.0.0; IBM Storwize V5000 version 8.1.0.0; IBM FlashSystem V9000 version 8.1.0.0.

Trust: 1.98

sources: NVD: CVE-2017-1710 // JVNDB: JVNDB-2017-010228 // BID: 101770 // VULHUB: VHN-108088

AFFECTED PRODUCTS

vendor: ibm // model: san volume controller // scope: eq // version: 8.1

Trust: 1.6

vendor: ibm // model: storwize v7000 // scope: eq // version: 8.1

Trust: 1.6

vendor: ibm // model: storwize v5000 // scope: eq // version: 8.1

Trust: 1.6

vendor: ibm // model: flashsystem v9000 // scope: eq // version: 8.1

Trust: 1.6

vendor: ibm // model: flashsystem v9000 // scope: - // version: -

Trust: 0.8

vendor: ibm // model: san volume controller software // scope: - // version: -

Trust: 0.8

vendor: ibm // model: storwize v5000 software // scope: - // version: -

Trust: 0.8

vendor: ibm // model: storwize v7000 software // scope: - // version: -

Trust: 0.8

vendor: ibm // model: storwize // scope: eq // version: v70008.1.0.0

Trust: 0.3

vendor: ibm // model: storwize // scope: eq // version: v50008.1.0.0

Trust: 0.3

vendor: ibm // model: san volume controller // scope: eq // version: 8.1.0.0

Trust: 0.3

vendor: ibm // model: flashsystem // scope: eq // version: v90008.1.0.0

Trust: 0.3

vendor: ibm // model: storwize // scope: ne // version: v70008.1.0.1

Trust: 0.3

vendor: ibm // model: storwize // scope: ne // version: v50008.1.0.1

Trust: 0.3

vendor: ibm // model: san volume controller // scope: ne // version: 8.1.0.1

Trust: 0.3

vendor: ibm // model: flashsystem // scope: ne // version: v90008.1.0.1

sources: BID: 101770 // JVNDB: JVNDB-2017-010228 // CNNVD: CNNVD-201711-321 // NVD: CVE-2017-1710

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov: CVE-2017-1710
value: CRITICAL

Trust: 1.0

NVD: CVE-2017-1710
value: CRITICAL

Trust: 0.8

CNNVD: CNNVD-201711-321
value: CRITICAL

Trust: 0.6

VULHUB: VHN-108088
value: HIGH

Trust: 0.1

nvd@nist.gov: CVE-2017-1710
severity: HIGH
baseScore: 7.5
vectorString: AV:N/AC:L/AU:N/C:P/I:P/A:P
accessVector: NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: PARTIAL
integrityImpact: PARTIAL
availabilityImpact: PARTIAL
exploitabilityScore: 10.0
impactScore: 6.4
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 1.8

VULHUB: VHN-108088
severity: HIGH
baseScore: 7.5
vectorString: AV:N/AC:L/AU:N/C:P/I:P/A:P
accessVector: NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: PARTIAL
integrityImpact: PARTIAL
availabilityImpact: PARTIAL
exploitabilityScore: 10.0
impactScore: 6.4
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.1

nvd@nist.gov: CVE-2017-1710
baseSeverity: CRITICAL
baseScore: 9.8
vectorString: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
attackVector: NETWORK
attackComplexity: LOW
privilegesRequired: NONE
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: HIGH
integrityImpact: HIGH
availabilityImpact: HIGH
exploitabilityScore: 3.9
impactScore: 5.9
version: 3.0

Trust: 1.8

sources: VULHUB: VHN-108088 // JVNDB: JVNDB-2017-010228 // CNNVD: CNNVD-201711-321 // NVD: CVE-2017-1710

PROBLEMTYPE DATA

problemtype:NVD-CWE-noinfo

Trust: 1.0

problemtype:CWE-264

Trust: 0.9

sources: VULHUB: VHN-108088 // JVNDB: JVNDB-2017-010228 // NVD: CVE-2017-1710

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-201711-321

TYPE

permissions and access control issues

Trust: 0.6

sources: CNNVD: CNNVD-201711-321

CONFIGURATIONS

sources: JVNDB: JVNDB-2017-010228

PATCH

title: S1010788 // url: http://www-01.ibm.com/support/docview.wss?uid=ssg1S1010788

Trust: 0.8

title: Multiple IBM product Service Assistant GUI fixes for permissions and access control vulnerabilities // url: http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=76218

Trust: 0.6

sources: JVNDB: JVNDB-2017-010228 // CNNVD: CNNVD-201711-321

EXTERNAL IDS

db: NVD // id: CVE-2017-1710

Trust: 2.8

db: BID // id: 101770

Trust: 2.0

db: SECTRACK // id: 1039776

Trust: 1.7

db: JVNDB // id: JVNDB-2017-010228

Trust: 0.8

db: CNNVD // id: CNNVD-201711-321

Trust: 0.7

db: VULHUB // id: VHN-108088

Trust: 0.1

sources: VULHUB: VHN-108088 // BID: 101770 // JVNDB: JVNDB-2017-010228 // CNNVD: CNNVD-201711-321 // NVD: CVE-2017-1710

REFERENCES

url:http://www.securityfocus.com/bid/101770

Trust: 1.7

url:http://www.ibm.com/support/docview.wss?uid=ssg1s1010788

Trust: 1.7

url:https://exchange.xforce.ibmcloud.com/vulnerabilities/134531

Trust: 1.7

url:http://www.securitytracker.com/id/1039776

Trust: 1.7

url:https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2017-1710

Trust: 0.8

url:https://nvd.nist.gov/vuln/detail/cve-2017-1710

Trust: 0.8

url:http://www.ibm.com/

Trust: 0.3

url:http://www-01.ibm.com/support/docview.wss?uid=ssg1s1010788

Trust: 0.3

sources: VULHUB: VHN-108088 // BID: 101770 // JVNDB: JVNDB-2017-010228 // CNNVD: CNNVD-201711-321 // NVD: CVE-2017-1710

CREDITS

IBM.

Trust: 0.9

sources: BID: 101770 // CNNVD: CNNVD-201711-321

SOURCES

db: VULHUB // id: VHN-108088
db: BID // id: 101770
db: JVNDB // id: JVNDB-2017-010228
db: CNNVD // id: CNNVD-201711-321
db: NVD // id: CVE-2017-1710

LAST UPDATE DATE

2024-11-23T22:52:19.374000+00:00


SOURCES UPDATE DATE

db: VULHUB // id: VHN-108088 // date: 2019-10-03T00:00:00
db: BID // id: 101770 // date: 2017-12-19T22:36:00
db: JVNDB // id: JVNDB-2017-010228 // date: 2017-12-07T00:00:00
db: CNNVD // id: CNNVD-201711-321 // date: 2019-10-23T00:00:00
db: NVD // id: CVE-2017-1710 // date: 2024-11-21T03:22:14.937

SOURCES RELEASE DATE

db: VULHUB // id: VHN-108088 // date: 2017-11-13T00:00:00
db: BID // id: 101770 // date: 2017-11-08T00:00:00
db: JVNDB // id: JVNDB-2017-010228 // date: 2017-12-07T00:00:00
db: CNNVD // id: CNNVD-201711-321 // date: 2017-11-10T00:00:00
db: NVD // id: CVE-2017-1710 // date: 2017-11-13T23:29:00.370