CVE-2017-8012
CVE-2017-8012 is a high-severity vulnerability in Dell Emc M&r with a CVSS 3.x base score of 7.4. It is not currently listed as actively exploited by CISA, and its EPSS exploit-prediction score is low.
Key facts
- Severity: High (CVSS 3.x base score 7.4)
- CVSS v2: 5.8
- EPSS exploit prediction: 2% (77th percentile)
- Actively exploited: Not listed in CISA KEV
- Affected product: Dell Emc M&r
- Published:
- Last modified:
Description
In EMC ViPR SRM, Storage M&R, VNX M&R, and M&R (Watch4Net) for SAS Solution Packs, the Java Management Extensions (JMX) protocol used to communicate between components in the Alerting and/or Compliance components can be leveraged to create a denial of service (DoS) condition. Attackers with knowledge of JMX agent user credentials could potentially exploit this vulnerability to create arbitrary files on the affected system and create a DoS condition by leveraging inherent JMX protocol capabilities.
Frequently asked questions
- What is CVE-2017-8012?
- In EMC ViPR SRM, Storage M&R, VNX M&R, and M&R (Watch4Net) for SAS Solution Packs, the Java Management Extensions (JMX) protocol used to communicate between components in the Alerting and/or Compliance components can be leveraged to create a denial of service (DoS) condition. Attackers with knowledge of JMX agent user credentials could potentially exploit this vulnerability to create arbitrary files on the affected system and create a DoS condition by leveraging inherent JMX protocol capabilities.
- How severe is CVE-2017-8012?
- CVE-2017-8012 has a CVSS 3.x base score of 7.4, rated high severity. It is exploitable over network with high attack complexity, requires no privileges and no user interaction. Impact on confidentiality is none, integrity high, and availability high.
- Is CVE-2017-8012 being actively exploited?
- It is not currently listed in CISA's KEV catalog. Its EPSS exploit-prediction score is 2% (77th percentile), an estimate of the probability of exploitation in the next 30 days.
- What products are affected by CVE-2017-8012?
- CVE-2017-8012 primarily affects Dell Emc M&r. In total, 4 product configurations (CPEs) are listed as vulnerable; see the affected-products list for the exact versions.
- How do I fix CVE-2017-8012?
- Review the linked vendor and NVD advisories for patched versions and mitigations, then upgrade or apply the recommended workaround. Given its high severity, prioritise patching exposed systems.
- When was CVE-2017-8012 published?
- CVE-2017-8012 was published on 2017-09-22 and last updated on 2026-06-17.
References
- http://seclists.org/fulldisclosure/2017/Sep/51
- http://www.securityfocus.com/bid/100982
- http://www.securitytracker.com/id/1039417
- http://www.securitytracker.com/id/1039418
Affected products (4)
- cpe:2.3:a:dell:emc_m\&r:*:*:*:*:*:*:*:*
- cpe:2.3:a:dell:emc_storage_monitoring_and_reporting:*:*:*:*:*:*:*:*
- cpe:2.3:a:dell:emc_vipr_srm:*:*:*:*:*:*:*:*
- cpe:2.3:a:dell:emc_vnx_monitoring_and_reporting:*:*:*:*:*:*:*:*
More vulnerabilities in Dell Emc M&r
- CVE-2017-8011 — Critical (CVSS 9.8): EMC ViPR SRM, EMC Storage M&R, EMC VNX M&R, EMC M&R for SAS Solution Packs (EMC ViPR SRM prior to 4.1, EMC Storage M&R…
- CVE-2017-8007 — High (CVSS 8.8): In EMC ViPR SRM, Storage M&R, VNX M&R, and M&R (Watch4Net) for SAS Solution Packs, the Webservice Gateway is affected…