Is CVE-2017-10955 actively exploited?

CVE-2017-10955 has no public evidence of in-the-wild exploitation as of 2025-04-20.

What is the CVSS score for CVE-2017-10955?

CVE-2017-10955 has a CVSS score of 8.8 (HIGH severity). Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H.

How do I patch CVE-2017-10955?

Patch guidance is available from emc security advisories. CVEDatabase generates AI-assisted remediation guidance on demand for CVE-2017-10955.

Which products are affected by CVE-2017-10955?

1 product: emc data protection advisor.

Fix CVE-2017-10955 - HIGH emc data protection advisor

Description

This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of EMC Data Protection Advisor 6.3.0. Authentication is required to exploit this vulnerability. The specific flaw exists within the EMC DPA Application service, which listens on TCP port 9002 by default. When parsing the preScript parameter, the process does not properly validate a user-supplied string before using it to execute a system call. An attacker can leverage this vulnerability to execute arbitrary code under the context of SYSTEM. Was ZDI-CAN-4697. NOTE: Dell EMC disputes that this is a vulnerability

CVSS Metrics

Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
Attack Vector: network
Complexity: low
Privileges: low
User Action: none
Scope: unchanged
Confidentiality: high
Integrity: high
Availability: high
Weaknesses: CWE-78 · OS Command Injection CWE-20 · Improper Input Validation

Metadata

Primary Vendor: EMC
Published: 10/19/2017
Last Modified: 4/20/2025
Source: NIST NVD
Note: Verify all details with official vendor sources before applying patches.

CVE-2017-10955

Description

CVSS Metrics

Metadata

Affected Products

Remediation Guidance

Executive Summary