CVE-2017-14375

critical

Published 2017-11-01 · Modified 2026-05-13

CVSS v3

9.8

CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

CVSS v2

10.0

VIR risk

9.8

Description

EMC Unisphere for VMAX Virtual Appliance (vApp) versions prior to 8.4.0.15, EMC Solutions Enabler Virtual Appliance versions prior to 8.4.0.15, EMC VASA Virtual Appliance versions prior to 8.4.0.512, and EMC VMAX Embedded Management (eManagement) versions prior to and including 1.4 (Enginuity Release 5977.1125.1125 and earlier) contain an authentication bypass vulnerability that may potentially be exploited by malicious users to compromise the affected system.

Predictions

Exploit likelihood

97%

Patch ETA

—

Heuristic predictions, AS-IS, for prioritization only.

Mitigations

No vendor mitigations ingested yet for this CVE. The mitigation-content worker queues fetches as references arrive — check back in a few minutes, or see the references list below.

Application impact

Vendor	Product	Versions	Fixed
dell	emc_unisphere	`{"endExcluding":"8.4.0.15"}`	`8.4.0.15`
emc	solutions_enabler	`{"endExcluding":"8.4.0.15"}`	`8.4.0.15`
emc	vasa	`{"endExcluding":"8.4.0.512"}`	`8.4.0.512`
emc	vmax_emanagement	`{"endIncluding":"1.4"}`

References

CWEs

CWE-290

Verify integrity in audit chain (admin only). AS-IS.