
List:       full-disclosure
Subject:    [FD] ESA-2017-155: EMC VNX1 and VNX2 Family Reflected Cross Site Scripting Vulnerability in VNX Cont
From:       EMC Product Security Response Center <Security_Alert () emc ! com>
Date:       2017-12-19 20:06:44
Message-ID: 1BF8853173D9704A93EF882F85952A8938DD5A () MX304CL04 ! corp ! emc ! com

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256

ESA-2017-155: EMC VNX1 and VNX2 Family Reflected Cross Site Scripting Vulnerability in VNX Control Station

EMC Identifier: ESA-2017-155
CVE Identifier: CVE-2017-14383
Severity Rating: CVSS v3 Base Score: 6.1 (AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N) 

Affected products:  
Dell EMC VNX2 versions prior to Operating Environment for File 8.1.9.217
Dell EMC VNX1 versions prior to Operating Environment for File 7.1.80.8

Summary:  
A fix is available for certain versions of VNX Control Station for VNX1 and VNX2 that contain a
Reflected Cross Site Scripting vulnerability. This vulnerability could potentially be exploited
by malicious users to compromise the affected system.

Details:  
A web server error page in Dell EMC VNX Control Station is impacted by a reflected cross-site
scripting vulnerability. A remote unauthenticated attacker could potentially exploit this
vulnerability to execute arbitrary HTML code in the user's browser session in the context of
the affected web application.

Resolution:  
The following releases contain resolutions to the vulnerability:
*	Dell EMC VNX2 OE for File 8.1.9.217
*	Dell EMC VNX1 OE for File 7.1.80.8


EMC recommends all customers upgrade at the earliest opportunity. 

Link to remedies:

To upgrade your EMC VNX system contact EMC VNX Customer Support: https://support.emc.com  
Registered EMC Support customers can download EMC VNX software from the EMC Online Support web
site at https://support.emc.com.


[The following is standard text included in all security advisories.  Please do not change or
delete.]

Read and use the information in this EMC Security Advisory to assist in avoiding any situation
that might arise from the problems described herein. If you have any questions regarding this
product alert, contact EMC Software Technical Support at 1-877-534-2867.

For an explanation of Severity Ratings, refer to EMC Knowledgebase solution emc218831. EMC
recommends all customers take into account both the base score and any relevant temporal and
environmental scores which may impact the potential severity associated with a particular
security vulnerability.

EMC recommends that all users determine the applicability of this information to their
individual situations and take appropriate action. The information set forth herein is provided
"as is" without warranty of any kind. EMC disclaims all warranties, either express or implied,
including the warranties of merchantability, fitness for a particular purpose, title and
non-infringement. In no event, shall EMC or its suppliers, be liable for any damages whatsoever
including direct, indirect, incidental, consequential, loss of business profits or special
damages, even if EMC or its suppliers have been advised of the possibility of such damages.
Some states do not allow the exclusion or limitation of liability for consequential or
incidental damages, so the foregoing limitation may not apply.



-----BEGIN PGP SIGNATURE-----
Version: GnuPG v2

-----END PGP SIGNATURE-----

_______________________________________________
Sent through the Full Disclosure mailing list
https://nmap.org/mailman/listinfo/fulldisclosure
Web Archives & RSS: http://seclists.org/fulldisclosure/
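
Added example (not part of the EMC advisory, and not EMC code): a triage script that checks an asset inventory against the fixed releases listed under "Resolution" above. The CSV layout, the column names and the sample rows are assumptions constructed for the example, as is the rule that a version is exactly four dotted numbers.

```python
import csv
import io
import re

# Fixed releases, copied from the advisory's Resolution section.
FIXED = {"VNX1": (7, 1, 80, 8), "VNX2": (8, 1, 9, 217)}

# Constructed sample inventory (names and versions are made up for the example).
SAMPLE_INVENTORY = """name,family,oe_file_version
array-a,VNX2,8.1.9.33
array-b,VNX2,8.1.9.217
array-c,VNX1,7.1.9.100
array-d,vnx1,7.1.80.8
array-e,VNX2,n/a
array-f,other,1.0.0.0
"""

def parse_version(text):
    """Return a four-part dotted version as a tuple of ints, or None if malformed."""
    text = text.strip()
    if not re.fullmatch(r"\d+(?:\.\d+){3}", text):
        return None
    return tuple(int(part) for part in text.split("."))

def triage(family, version):
    """Classify one system as affected, fixed, unknown or not-covered."""
    fixed = FIXED.get(family.strip().upper())
    if fixed is None:
        return "not-covered"   # product family not named in the advisory
    parsed = parse_version(version)
    if parsed is None:
        return "unknown"       # needs a manual check, never assume fixed
    # Compare numerically: as strings, "8.1.9.33" would sort after "8.1.9.217".
    return "affected" if parsed < fixed else "fixed"

def triage_inventory(csv_text):
    """Map each system name in the CSV text to its triage status."""
    reader = csv.DictReader(io.StringIO(csv_text))
    return {row["name"]: triage(row["family"], row["oe_file_version"]) for row in reader}

if __name__ == "__main__":
    for name, status in triage_inventory(SAMPLE_INVENTORY).items():
        print(f"{name}: {status}")
```

Systems reported as "unknown" have a version string the script could not parse and should be checked by hand rather than treated as fixed.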

