Intrusion Prevention

EMC.VMAX3.VASA.Provider.UploadConfigurator.Directory.Traversal

Description

This indicates an attack attempt against a Directory Traversal vulnerability in EMC VMAX3 VASA Provider.
The vulnerability is due to insufficient sanitizing of user supplied inputs in the application while handling maliciously crafted requests. A remote attacker may be able to exploit this to execute arbitrary code within the context of the application, via a crafted request.

Affected Products

EMC VMAX3 VASA Provider 8.3.x and prior

Impact

System Compromise: Remote attackers can gain control of vulnerable systems.

Recommended Actions

Apply the most recent upgrade or patch from the vendor
http://www.securityfocus.com/archive/1/540783/30/0/threaded

CVE References

CVE-2017-4997 CVE-2018-1215