Vulnerability Monitor

The vendors, products, and vulnerabilities you care about

CVE-2016-0917

The SMB service in EMC VNXe (VNXe3200 Operating Environment prior to 3.1.5.8711957 and VNXe3100/3150/3300 Operating Environment prior to 2.4.4.22638), VNX1 File OE before 7.1.80.3, VNX2 File OE before 8.1.9.155, and Celerra (all supported versions) does not prevent duplicate NTLM challenge-response nonces, which makes it easier for remote attackers to execute arbitrary code, or read or write to files, via a series of authentication requests, a related issue to CVE-2010-0231.

Published

2016-09-21T02:59:05.663

Last Modified

2025-04-12T10:46:40.837

Status

Deferred

Source

[email protected]

Severity

CVSSv3.0: 9.8 (CRITICAL)

CVSSv2 Vector

AV:N/AC:L/Au:N/C:P/I:P/A:P

  • Access Vector: NETWORK
  • Access Complexity: LOW
  • Authentication: NONE
  • Confidentiality Impact: PARTIAL
  • Integrity Impact: PARTIAL
  • Availability Impact: PARTIAL
Exploitability Score

10.0

Impact Score

6.4

Weaknesses
  • Type: Primary
    CWE-264
Affected Vendors & Products
Type Vendor Product Version/Range Vulnerable?
Application emc vnx1_oe_firmware - Yes
Application emc vnx2_oe_firmware - Yes
Application emc vnxe_oe_firmware - Yes
Hardware emc vnx5200 - No
Hardware emc vnx5400 - No
Hardware emc vnx5600 - No
Hardware emc vnx5800 - No
Hardware emc vnxe1600 - No
Hardware emc vnxe3100 - No
Hardware emc vnxe3150 - No
Hardware emc vnxe3200 - No
Hardware emc vnxe3200_hybrid - No
Hardware emc vnxe3300 - No
References