CVE-2017-14375

critical

Published 2017-11-01 · Modified 2026-05-13

💬 Discuss on Community ✚ Propose mitigation

CVSS v3

9.8

CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

CVSS v4 NEW

—

not yet in upstream

VIR risk

9.8

Description

EMC Unisphere for VMAX Virtual Appliance (vApp) versions prior to 8.4.0.15, EMC Solutions Enabler Virtual Appliance versions prior to 8.4.0.15, EMC VASA Virtual Appliance versions prior to 8.4.0.512, and EMC VMAX Embedded Management (eManagement) versions prior to and including 1.4 (Enginuity Release 5977.1125.1125 and earlier) contain an authentication bypass vulnerability that may potentially be exploited by malicious users to compromise the affected system.

Predictions

Exploit likelihood

97%

Patch ETA

—

Heuristic predictions, AS-IS, for prioritization only.

Mitigations

No mitigations published for this CVE yet.

The vendor-content worker queues fetches as references arrive (check back in a few minutes). Or — if you've already worked around this in production — publish your fix to the community-verified tier.

✚ Propose a mitigation on Community → Mitigations published via the community go through AI scoring + 2 human reviewers + 7-day silent objection window before landing here with source_tier=community-verified.

Application impact

Vendor	Product	Versions	Fixed
dell	emc_unisphere	`{"endExcluding":"8.4.0.15"}`	`8.4.0.15`
emc	solutions_enabler	`{"endExcluding":"8.4.0.15"}`	`8.4.0.15`
emc	vasa	`{"endExcluding":"8.4.0.512"}`	`8.4.0.512`
emc	vmax_emanagement	`{"endIncluding":"1.4"}`

References

CWEs

CWE-290

Community-verified mitigations for this CVE will appear above when contributors publish them.

Verify integrity in audit chain (admin only). AS-IS.