Vulnerability-Lookup

CNVD-2018-01929

Vulnerability from cnvd - Published: 2018-01-26

Title

Dell EMC VNX2 Operating Environment for File和VNX1 Operating Environment for File VNX Control Station跨站脚本漏洞

Description

Dell EMC VNX2 Operating Environment for File和VNX1 Operating Environment for File都是美国戴尔（Dell）公司的文件存储设备。VNX Control Station是其中的一个控制台。 Dell EMC VNX2 Operating Environment for File 8.1.9.217之前的版本和VNX1 Operating Environment for File 7.1.80.8之前的版本中的VNX Control Station的Web服务器错误页面存在跨站脚本漏洞。远程攻击者可利用该漏洞在用户浏览器会话中执行任意的HTML代码。

Severity

中

Patch Name

Dell EMC VNX2 Operating Environment for File和VNX1 Operating Environment for File VNX Control Station跨站脚本漏洞的补丁

Patch Description

Formal description

目前厂商已发布升级补丁以修复漏洞，详情请关注厂商主页： http://www.emc.com/

Reference

http://seclists.org/fulldisclosure/2017/Dec/87

Impacted products

Name
['DELL EMC VNX1 versions prior to Operating Environment for File <7.1.80.8', 'DELL EMC VNX2 versions prior to Operating Environment for File <8.1.9.217']

Show details on source website

JSON

To clipboard

{
  "cves": {
    "cve": {
      "cveNumber": "CVE-2017-14383"
    }
  },
  "description": "Dell EMC VNX2 Operating Environment for File\u548cVNX1 Operating Environment for File\u90fd\u662f\u7f8e\u56fd\u6234\u5c14\uff08Dell\uff09\u516c\u53f8\u7684\u6587\u4ef6\u5b58\u50a8\u8bbe\u5907\u3002VNX Control Station\u662f\u5176\u4e2d\u7684\u4e00\u4e2a\u63a7\u5236\u53f0\u3002\r\n\r\nDell EMC VNX2 Operating Environment for File 8.1.9.217\u4e4b\u524d\u7684\u7248\u672c\u548cVNX1 Operating Environment for File 7.1.80.8\u4e4b\u524d\u7684\u7248\u672c\u4e2d\u7684VNX Control Station\u7684Web\u670d\u52a1\u5668\u9519\u8bef\u9875\u9762\u5b58\u5728\u8de8\u7ad9\u811a\u672c\u6f0f\u6d1e\u3002\u8fdc\u7a0b\u653b\u51fb\u8005\u53ef\u5229\u7528\u8be5\u6f0f\u6d1e\u5728\u7528\u6237\u6d4f\u89c8\u5668\u4f1a\u8bdd\u4e2d\u6267\u884c\u4efb\u610f\u7684HTML\u4ee3\u7801\u3002",
  "discovererName": "unknwon",
  "formalWay": "\u76ee\u524d\u5382\u5546\u5df2\u53d1\u5e03\u5347\u7ea7\u8865\u4e01\u4ee5\u4fee\u590d\u6f0f\u6d1e\uff0c\u8be6\u60c5\u8bf7\u5173\u6ce8\u5382\u5546\u4e3b\u9875\uff1a\r\nhttp://www.emc.com/",
  "isEvent": "\u901a\u7528\u8f6f\u786c\u4ef6\u6f0f\u6d1e",
  "number": "CNVD-2018-01929",
  "openTime": "2018-01-26",
  "patchDescription": "Dell EMC VNX2 Operating Environment for File\u548cVNX1 Operating Environment for File\u90fd\u662f\u7f8e\u56fd\u6234\u5c14\uff08Dell\uff09\u516c\u53f8\u7684\u6587\u4ef6\u5b58\u50a8\u8bbe\u5907\u3002VNX Control Station\u662f\u5176\u4e2d\u7684\u4e00\u4e2a\u63a7\u5236\u53f0\u3002\r\n\r\nDell EMC VNX2 Operating Environment for File 8.1.9.217\u4e4b\u524d\u7684\u7248\u672c\u548cVNX1 Operating Environment for File 7.1.80.8\u4e4b\u524d\u7684\u7248\u672c\u4e2d\u7684VNX Control Station\u7684Web\u670d\u52a1\u5668\u9519\u8bef\u9875\u9762\u5b58\u5728\u8de8\u7ad9\u811a\u672c\u6f0f\u6d1e\u3002\u8fdc\u7a0b\u653b\u51fb\u8005\u53ef\u5229\u7528\u8be5\u6f0f\u6d1e\u5728\u7528\u6237\u6d4f\u89c8\u5668\u4f1a\u8bdd\u4e2d\u6267\u884c\u4efb\u610f\u7684HTML\u4ee3\u7801\u3002\u76ee\u524d\uff0c\u4f9b\u5e94\u5546\u53d1\u5e03\u4e86\u5b89\u5168\u516c\u544a\u53ca\u76f8\u5173\u8865\u4e01\u4fe1\u606f\uff0c\u4fee\u590d\u4e86\u6b64\u6f0f\u6d1e\u3002",
  "patchName": "Dell EMC VNX2 Operating Environment for File\u548cVNX1 Operating Environment for File VNX Control Station\u8de8\u7ad9\u811a\u672c\u6f0f\u6d1e\u7684\u8865\u4e01",
  "products": {
    "product": [
      "DELL EMC VNX1 versions prior to Operating Environment for File \u003c7.1.80.8",
      "DELL EMC VNX2 versions prior to Operating Environment for File \u003c8.1.9.217"
    ]
  },
  "referenceLink": "http://seclists.org/fulldisclosure/2017/Dec/87",
  "serverity": "\u4e2d",
  "submitTime": "2017-12-25",
  "title": "Dell EMC VNX2 Operating Environment for File\u548cVNX1 Operating Environment for File VNX Control Station\u8de8\u7ad9\u811a\u672c\u6f0f\u6d1e"
}

CVE-2017-14383 (GCVE-0-2017-14383)

Vulnerability from cvelistv5 – Published: 2018-01-04 06:00 – Updated: 2024-08-05 19:27

Summary

In Dell EMC VNX2 versions prior to Operating Environment for File 8.1.9.217 and VNX1 versions prior to Operating Environment for File 7.1.80.8, a web server error page in VNX Control Station is impacted by a reflected cross-site scripting vulnerability. A remote unauthenticated attacker could potentially exploit this vulnerability to execute arbitrary HTML code in the user's browser session in the context of the affected web application.

Severity ?

No CVSS data available.

CWE

Reflected Cross Site Scripting Vulnerability

Assigner

dell

References

URL

Tags

http://seclists.org/fulldisclosure/2017/Dec/87

x_refsource_CONFIRM

Impacted products

	Vendor	Product	Version
	n/a	Dell EMC VNX2 versions prior to Operating Environment for File 8.1.9.217 and Dell EMC VNX1 versions prior to Operating Environment for File 7.1.80.8	Affected: Dell EMC VNX2 versions prior to Operating Environment for File 8.1.9.217 and Dell EMC VNX1 versions prior to Operating Environment for File 7.1.80.8

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-05T19:27:40.534Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "http://seclists.org/fulldisclosure/2017/Dec/87"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "Dell EMC VNX2 versions prior to Operating Environment for File 8.1.9.217 and Dell EMC VNX1 versions prior to Operating Environment for File 7.1.80.8",
          "vendor": "n/a",
          "versions": [
            {
              "status": "affected",
              "version": "Dell EMC VNX2 versions prior to Operating Environment for File 8.1.9.217 and Dell EMC VNX1 versions prior to Operating Environment for File 7.1.80.8"
            }
          ]
        }
      ],
      "datePublic": "2018-01-04T00:00:00",
      "descriptions": [
        {
          "lang": "en",
          "value": "In Dell EMC VNX2 versions prior to Operating Environment for File 8.1.9.217 and VNX1 versions prior to Operating Environment for File 7.1.80.8, a web server error page in VNX Control Station is impacted by a reflected cross-site scripting vulnerability. A remote unauthenticated attacker could potentially exploit this vulnerability to execute arbitrary HTML code in the user\u0027s browser session in the context of the affected web application."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "Reflected Cross Site Scripting Vulnerability",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2018-01-04T06:57:02",
        "orgId": "c550e75a-17ff-4988-97f0-544cde3820fe",
        "shortName": "dell"
      },
      "references": [
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "http://seclists.org/fulldisclosure/2017/Dec/87"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "security_alert@emc.com",
          "ID": "CVE-2017-14383",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "Dell EMC VNX2 versions prior to Operating Environment for File 8.1.9.217 and Dell EMC VNX1 versions prior to Operating Environment for File 7.1.80.8",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "Dell EMC VNX2 versions prior to Operating Environment for File 8.1.9.217 and Dell EMC VNX1 versions prior to Operating Environment for File 7.1.80.8"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "n/a"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "In Dell EMC VNX2 versions prior to Operating Environment for File 8.1.9.217 and VNX1 versions prior to Operating Environment for File 7.1.80.8, a web server error page in VNX Control Station is impacted by a reflected cross-site scripting vulnerability. A remote unauthenticated attacker could potentially exploit this vulnerability to execute arbitrary HTML code in the user\u0027s browser session in the context of the affected web application."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "Reflected Cross Site Scripting Vulnerability"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "http://seclists.org/fulldisclosure/2017/Dec/87",
              "refsource": "CONFIRM",
              "url": "http://seclists.org/fulldisclosure/2017/Dec/87"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "c550e75a-17ff-4988-97f0-544cde3820fe",
    "assignerShortName": "dell",
    "cveId": "CVE-2017-14383",
    "datePublished": "2018-01-04T06:00:00",
    "dateReserved": "2017-09-12T00:00:00",
    "dateUpdated": "2024-08-05T19:27:40.534Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

Sightings

Author	Source	Type	Date

Nomenclature

Seen: The vulnerability was mentioned, discussed, or observed by the user.
Confirmed: The vulnerability has been validated from an analyst's perspective.
Published Proof of Concept: A public proof of concept is available for this vulnerability.
Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
Not confirmed: The user expressed doubt about the validity of the vulnerability.
Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.

Detection rules are retrieved from Rulezet.

Action not permitted

CNVD-2018-01929

CVE-2017-14383 (GCVE-0-2017-14383)

Tags

Sightings

Nomenclature