CVE-2017-14375 – This vulnerability allows attackers to bypass a... (How to Fix)

Q: What is the severity of CVE-2017-14375?

CVE-2017-14375 has a CVSS score of 9.8 (CRITICAL). This vulnerability allows attackers to bypass authentication mechanisms in multiple EMC storage management products. Malicious users can potentially gain unauthorized access to affected systems without valid credentials. Organizations using vulnerable versions of EMC Unisphere for VMAX, Solutions Enabler, VASA Virtual Appliances, or VMAX Embedded Management are affected.

📋 TL;DR

This vulnerability allows attackers to bypass authentication mechanisms in multiple EMC storage management products. Malicious users can potentially gain unauthorized access to affected systems without valid credentials. Organizations using vulnerable versions of EMC Unisphere for VMAX, Solutions Enabler, VASA Virtual Appliances, or VMAX Embedded Management are affected.

💻 Affected Systems

Products:

EMC Unisphere for VMAX Virtual Appliance
EMC Solutions Enabler Virtual Appliance
EMC VASA Virtual Appliance
EMC VMAX Embedded Management (eManagement)

Versions: Unisphere/Solutions Enabler: prior to 8.4.0.15; VASA: prior to 8.4.0.512; eManagement: 1.4 and earlier (Enginuity Release 5977.1125.1125 and earlier)

Operating Systems: Virtual Appliance

Default Config Vulnerable: ⚠️ Yes

Notes: All default configurations of affected versions are vulnerable. The vulnerability exists in the authentication mechanism itself.

📦 What is this software?

⚠️ Risk & Real-World Impact

🔴

Worst Case

Complete system compromise allowing attackers to gain administrative control over storage management systems, potentially leading to data theft, manipulation, or destruction of critical storage infrastructure.

🟠

Likely Case

Unauthorized access to storage management interfaces allowing configuration changes, data access, or disruption of storage operations.

🟢

If Mitigated

Limited impact if systems are isolated behind firewalls with strict network access controls and monitored for suspicious authentication attempts.

🌐 Internet-Facing: HIGH

🏢 Internal Only: HIGH

🎯 Exploit Status

Public PoC: ✅ No

Weaponized: LIKELY

Unauthenticated Exploit: ⚠️ Yes

Complexity: LOW

Authentication bypass vulnerabilities typically have low exploitation complexity. While no public PoC is referenced, the high CVSS score and authentication bypass nature make weaponization likely.

🛠️ Fix & Mitigation

✅ Official Fix

Patch Version: Unisphere/Solutions Enabler: 8.4.0.15 or later; VASA: 8.4.0.512 or later; eManagement: versions after 1.4

Vendor Advisory: http://seclists.org/fulldisclosure/2017/Oct/70

Restart Required: Yes

Instructions:

1. Download the appropriate patch from EMC support portal. 2. Backup current configuration. 3. Apply the patch following vendor instructions. 4. Restart the appliance/service. 5. Verify authentication is working correctly.

🔧 Temporary Workarounds

Network Isolation

all

Restrict network access to management interfaces using firewall rules

Access Control Lists

all

Implement strict IP-based access controls to limit which systems can connect to management interfaces

🧯 If You Can't Patch

Isolate affected systems from untrusted networks and implement strict network segmentation
Implement additional authentication layers (VPN, jump hosts) and monitor for unauthorized access attempts

🔍 How to Verify

Check if Vulnerable:

Check the appliance version via web interface or SSH. Compare against affected version ranges.

Check Version:

Check via web interface or SSH to appliance and run version check command specific to each product

Verify Fix Applied:

Verify version is patched and test authentication with invalid credentials to ensure proper rejection.

📡 Detection & Monitoring

Log Indicators:

Failed authentication attempts followed by successful access from same IP
Authentication bypass patterns in web server logs
Unusual administrative actions from new/unexpected IP addresses

Network Indicators:

Direct connections to management ports from unauthorized IP ranges
Authentication requests with malformed or missing credentials

SIEM Query:

source="vmax-appliance" AND (event_type="auth_failure" OR event_type="auth_success") | stats count by src_ip, event_type | where count(event_type="auth_failure") > 0 AND count(event_type="auth_success") > 0

📊 Metadata

CVE ID: CVE-2017-14375

CVSS v3 Score: 9.8 (CRITICAL)

CVSS Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

CWE: CWE-290

Published: November 1, 2017

Last Updated: April 20, 2025

🔗 References

http://seclists.org/fulldisclosure/2017/Oct/70 Mailing List,Third Party Advisory
http://www.securityfocus.com/bid/101673 Third Party Advisory,VDB Entry
http://www.securitytracker.com/id/1039704 Third Party Advisory,VDB Entry
http://seclists.org/fulldisclosure/2017/Oct/70 Mailing List,Third Party Advisory
http://www.securityfocus.com/bid/101673 Third Party Advisory,VDB Entry
http://www.securitytracker.com/id/1039704 Third Party Advisory,VDB Entry

📤 Share & Export

📄 Export Markdown 📋 Export JSON

🔗 Related Vulnerabilities

If you're affected by CVE-2017-14375, you might also want to check these: