CVE-2016-9868

An issue was discovered in EMC ScaleIO versions before 2.0.1.1. A low-privileged local attacker may cause a denial-of-service by generating a kernel panic in the SCINI driver using IOCTL calls which may render the ScaleIO Data Client (SDC) server unavailable until the next reboot.

CVSS v3 5.5 MEDIUM
CVSS v2.0 2.1 LOW

5.5^/10

CVSS v3 : MEDIUM

Vector : AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H

Exploitability : 1.8 / Impact : 3.6

Attack Vector LOCAL

Attack Complexity LOW

Privileges Required LOW

User Interaction NONE

Confidentiality Impact NONE

Integrity Impact NONE

Availability Impact HIGH

Scope UNCHANGED

2.1^/10

CVSS v2.0 : LOW

Vector : AV:L/AC:L/Au:N/C:N/I:N/A:P

Exploitability : 3.9 / Impact : 2.9

Access Vector LOCAL

Access Complexity LOW

Authentication NONE

Confidentiality Impact NONE

Integrity Impact NONE

Availability Impact PARTIAL

References

Link	Resource
http://www.securityfocus.com/archive/1/539983/30/0/threaded	Third Party Advisory VDB Entry
http://www.securityfocus.com/bid/95301

Configurations

Configuration 1 (hide)

cpe:2.3:a:emc:scaleio:*:*:*:*:*:*:*:*

History

No history.

Information

Published : 2017-01-06 22:59

Updated : 2023-12-10 12:01

NVD link : CVE-2016-9868

Mitre link : CVE-2016-9868

CVE.ORG link : CVE-2016-9868

JSON object : View

Products Affected

emc

scaleio

CWE

CWE-254

7PK - Security Features

{"id": "CVE-2016-9868", "metrics": {"cvssMetricV2": [{"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"version": "2.0", "baseScore": 2.1, "accessVector": "LOCAL", "vectorString": "AV:L/AC:L/Au:N/C:N/I:N/A:P", "authentication": "NONE", "integrityImpact": "NONE", "accessComplexity": "LOW", "availabilityImpact": "PARTIAL", "confidentialityImpact": "NONE"}, "acInsufInfo": false, "impactScore": 2.9, "baseSeverity": "LOW", "obtainAllPrivilege": false, "exploitabilityScore": 3.9, "obtainUserPrivilege": false, "obtainOtherPrivilege": false, "userInteractionRequired": false}], "cvssMetricV30": [{"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"scope": "UNCHANGED", "version": "3.0", "baseScore": 5.5, "attackVector": "LOCAL", "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", "integrityImpact": "NONE", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "HIGH", "privilegesRequired": "LOW", "confidentialityImpact": "NONE"}, "impactScore": 3.6, "exploitabilityScore": 1.8}]}, "published": "2017-01-06T22:59:00.297", "references": [{"url": "http://www.securityfocus.com/archive/1/539983/30/0/threaded", "tags": ["Third Party Advisory", "VDB Entry"], "source": "security_alert@emc.com"}, {"url": "http://www.securityfocus.com/bid/95301", "source": "security_alert@emc.com"}], "vulnStatus": "Modified", "weaknesses": [{"type": "Primary", "source": "nvd@nist.gov", "description": [{"lang": "en", "value": "CWE-254"}]}], "descriptions": [{"lang": "en", "value": "An issue was discovered in EMC ScaleIO versions before 2.0.1.1. A low-privileged local attacker may cause a denial-of-service by generating a kernel panic in the SCINI driver using IOCTL calls which may render the ScaleIO Data Client (SDC) server unavailable until the next reboot."}, {"lang": "es", "value": "Se descubri\u00f3 un problema en EMC ScaleIO en versiones anteriores a 2.0.1.1. Un atacante local con pocos privilegios podr\u00eda provocar una denegaci\u00f3n de servicio generando un kernel panic en el controlador SCINI usando llamadas IOCTL las cuales pueden hacer que el servidor ScaleIO Data Client (SDC) no est\u00e9 disponible hasta el siguiente reinicio."}], "lastModified": "2017-01-11T02:59:12.557", "configurations": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:a:emc:scaleio:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "3974D427-763F-4BD0-8BCE-791897079642", "versionEndIncluding": "2.0.1.0"}], "operator": "OR"}]}], "sourceIdentifier": "security_alert@emc.com"}