PatchSiren

PatchSiren cyber security CVE debrief

CVE-2017-2767 EMC CVE debrief

CVE-2017-2767 is a critical vulnerability in EMC Network Configuration Manager (NCM) affecting 9.3.x, 9.4.0.x, 9.4.1.x, and 9.4.2.x. The NVD record describes it as a Java RMI remote code execution issue that could let a malicious user compromise the affected system. NVD rates the issue CVSS v3.0 9.8 (AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H), indicating high impact with no authentication or user interaction required.

Vendor: EMC
Product: CVE-2017-2767
CVSS: CRITICAL 9.8
CISA KEV: Not listed in stored evidence
Original CVE published: 2017-02-03
Original CVE updated: 2026-05-13
Advisory published: 2017-02-03
Advisory updated: 2026-05-13

Who should care

Administrators and security teams responsible for EMC Network Configuration Manager (NCM) deployments, especially versions 9.3.x through 9.4.2.x and any system that exposes the affected Java RMI service to broad network access.

Technical summary

The supplied NVD record for CVE-2017-2767 identifies a network-reachable Java RMI remote code execution vulnerability in EMC Network Configuration Manager (NCM). Affected CPEs in the record include EMC Smarts Network Configuration Manager 9.3, 9.4, 9.4.1, and 9.4.2. NVD maps the weakness to CWE-287 and publishes a CVSS v3.0 vector of AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H. The source corpus does not include technical root-cause details, proof-of-concept material, or specific remediation steps beyond linked references.

Defensive priority

Urgent. The combination of network exposure, no required privileges, no user interaction, and full confidentiality/integrity/availability impact makes this a high-priority issue for any affected NCM installation.

Recommended defensive actions

  • Inventory EMC Network Configuration Manager instances and confirm whether any fall within the affected versions listed by NVD.
  • Restrict network access to the NCM service surface, especially any Java RMI-related endpoints, to trusted administrative networks only.
  • Apply the vendor remediation or upgrade guidance referenced by the EMC/NVD-linked advisories as soon as possible.
  • If compromise is suspected, isolate the host, review authentication and service activity, and rotate any credentials that may have been exposed.
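
For the inventory step, the sketch below triages an asset list against the affected release trains listed in this debrief (9.3.x, 9.4.0.x, 9.4.1.x, 9.4.2.x). It is an added example, not vendor or NVD tooling; the CSV column names and sample hosts are constructed, and treating a bare "9.4" as 9.4.0 is an assumption.

```python
import csv
import io
import re

# Constructed sample inventory (hostnames and versions are made up).
SAMPLE_INVENTORY = """host,ncm_version
ncm-prod-01,9.4.2.1
ncm-lab-02,9.3.0
ncm-dr-03,9.5.0.0
ncm-old-04,9.2.3
ncm-stg-05,9.4
ncm-unk-06,unknown
"""

def parse_version(text):
    """Return a tuple of ints for a dotted version, or None if unparsable."""
    m = re.fullmatch(r"\s*v?(\d+(?:\.\d+){1,4})\s*", text or "")
    return tuple(int(p) for p in m.group(1).split(".")) if m else None

def is_affected(version):
    """True/False for a parsable version, None when it needs manual review."""
    v = parse_version(version)
    if v is None:
        return None
    if v[:2] == (9, 3):                      # 9.3.x
        return True
    if v[:2] == (9, 4):                      # 9.4.0.x, 9.4.1.x, 9.4.2.x
        third = v[2] if len(v) > 2 else 0    # assumption: bare "9.4" means 9.4.0
        return third in (0, 1, 2)
    return False

def triage(csv_text):
    """Bucket hosts by whether their version is in the NVD-listed range."""
    # "not_listed" means outside the listed range, not verified safe.
    buckets = {"affected": [], "not_listed": [], "review": []}
    for row in csv.DictReader(io.StringIO(csv_text)):
        verdict = is_affected(row["ncm_version"])
        key = "review" if verdict is None else "affected" if verdict else "not_listed"
        buckets[key].append(row["host"])
    return buckets

if __name__ == "__main__":
    for bucket, hosts in triage(SAMPLE_INVENTORY).items():
        print(f"{bucket}: {', '.join(hosts) or '-'}")
```

Hosts in the "review" bucket have no parsable version string and should be checked by hand before being ruled out.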

Evidence notes

All statements are grounded in the supplied NVD record and its referenced sources. The record shows publication on 2017-02-03 and last modification on 2026-05-13. The affected versions come from NVD CPE criteria, the CVSS vector is taken from the NVD entry, and the linked references point to EMC-related advisory mirrors and a SecurityTracker entry. No exploit code, weaponized reproduction, or unsupported remediation claims are included.

Official resources

CVE published by NVD on 2017-02-03; the supplied NVD record was last modified on 2026-05-13. No KEV listing was supplied in the corpus.