Lucene search

DellCVE-2016-8216

HistoryFeb 03, 2017 - 7:59 a.m.

CVE-2016-8216

2017-02-0307:59:00

CWE-264

dell

web.nvd.nist.gov

emc

data domain

dd os

5.4

5.5

5.6

5.7

vulnerability

command injection

nvd

CVSS2

7.2

Attack Vector

LOCAL

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:L/AC:L/Au:N/C:C/I:C/A:C

CVSS3

6.7

Attack Vector

LOCAL

Attack Complexity

LOW

Privileges Required

HIGH

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H

AI Score

6.6

Confidence

High

EPSS

0.001

Percentile

20.8%

JSON

EMC Data Domain OS (DD OS) 5.4 all versions, EMC Data Domain OS (DD OS) 5.5 family all versions prior to 5.5.5.0, EMC Data Domain OS (DD OS) 5.6 family all versions prior to 5.6.2.0, EMC Data Domain OS (DD OS) 5.7 family all versions prior to 5.7.2.10 has a command injection vulnerability that could potentially be exploited by malicious users to compromise the affected system.

Affected configurations

Nvd

Node

dellemc_data_domain_osMatch5.4

dellemc_data_domain_osMatch5.5

dellemc_data_domain_osMatch5.6

dellemc_data_domain_osMatch5.7

VendorProductVersionCPE
dellemc_data_domain_os5.4cpe:2.3:o:dell:emc_data_domain_os:5.4:*:*:*:*:*:*:*
dellemc_data_domain_os5.5cpe:2.3:o:dell:emc_data_domain_os:5.5:*:*:*:*:*:*:*
dellemc_data_domain_os5.6cpe:2.3:o:dell:emc_data_domain_os:5.6:*:*:*:*:*:*:*
dellemc_data_domain_os5.7cpe:2.3:o:dell:emc_data_domain_os:5.7:*:*:*:*:*:*:*

Vendor	Product	Version	CPE
dell	emc_data_domain_os	5.4	cpe:2.3:o:dell:emc_data_domain_os:5.4:::::::*
dell	emc_data_domain_os	5.5	cpe:2.3:o:dell:emc_data_domain_os:5.5:::::::*
dell	emc_data_domain_os	5.6	cpe:2.3:o:dell:emc_data_domain_os:5.6:::::::*
dell	emc_data_domain_os	5.7	cpe:2.3:o:dell:emc_data_domain_os:5.7:::::::*

CNA Affected

[
  {
    "product": "EMC Data Domain DD OS EMC Data Domain OS (DD OS) 5.4 all versions, EMC Data Domain OS (DD OS) 5.5 family all versions prior to 5.5.5.0, EMC Data Domain OS (DD OS) 5.6 family all versions prior to 5.6.2.0, EMC Data Domain OS (DD OS) 5.7 family all versions prior to 5.7.2.10",
    "vendor": "n/a",
    "versions": [
      {
        "status": "affected",
        "version": "EMC Data Domain DD OS EMC Data Domain OS (DD OS) 5.4 all versions, EMC Data Domain OS (DD OS) 5.5 family all versions prior to 5.5.5.0, EMC Data Domain OS (DD OS) 5.6 family all versions prior to 5.6.2.0, EMC Data Domain OS (DD OS) 5.7 family all versions prior to 5.7.2.10"
      }
    ]
  }
]

References

www.securityfocus.com/archive/1/540059/30/0/threaded

www.securityfocus.com/bid/95829

www.securitytracker.com/id/1037728

CVSS2

7.2

Attack Vector

LOCAL

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:L/AC:L/Au:N/C:C/I:C/A:C

CVSS3

6.7

Attack Vector

LOCAL

Attack Complexity

LOW

Privileges Required

HIGH

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H

AI Score

6.6

Confidence

High

EPSS

0.001

Percentile

20.8%

JSON

Related for CVE-2016-8216