Логотип exploitDog
Консоль
Логотип exploitDog

exploitDog

nvd логотип

CVE-2018-11053

Опубликовано: 26 июн. 2018
Источник: nvd
CVSS3: 6.6
CVSS3: 6.5
CVSS2: 4
EPSS Низкий

Описание

Dell EMC iDRAC Service Module for all supported Linux and XenServer versions v3.0.1, v3.0.2, v3.1.0, v3.2.0, when started, changes the default file permission of the hosts file of the host operating system (/etc/hosts) to world writable. A malicious low privileged operating system user or process could modify the host file and potentially redirect traffic from the intended destination to sites hosting malicious or unwanted content.

Ссылки

Уязвимые конфигурации

Конфигурация 1

Одновременно

Одно из

cpe:2.3:a:dell:emc_idrac_service_module:3.0.1:*:*:*:*:*:*:*
cpe:2.3:a:dell:emc_idrac_service_module:3.0.2:*:*:*:*:*:*:*
cpe:2.3:a:dell:emc_idrac_service_module:3.1.0:*:*:*:*:*:*:*
cpe:2.3:a:dell:emc_idrac_service_module:3.2.0:*:*:*:*:*:*:*

Одно из

cpe:2.3:a:citrix:xenserver:7.1:*:*:*:*:*:*:*
cpe:2.3:o:redhat:enterprise_linux:6.9:*:*:*:*:*:*:*
cpe:2.3:o:redhat:enterprise_linux:7.4:*:*:*:*:*:*:*
cpe:2.3:o:suse:suse_linux_enterprise_server:11:sp4:*:*:*:*:*:*
cpe:2.3:o:suse:suse_linux_enterprise_server:12:sp3:*:*:*:*:*:*

EPSS

Процентиль: 27%
0.00097
Низкий

6.6 Medium

CVSS3

6.5 Medium

CVSS3

4 Medium

CVSS2

Дефекты

CWE-732

Связанные уязвимости

github логотип

GHSA-ppf5-mgf6-gfp3

CVSS3: 6.5
github
больше 3 лет назад

Dell EMC iDRAC Service Module for all supported Linux and XenServer versions v3.0.1, v3.0.2, v3.1.0, v3.2.0, when started, changes the default file permission of the hosts file of the host operating system (/etc/hosts) to world writable. A malicious low privileged operating system user or process could modify the host file and potentially redirect traffic from the intended destination to sites hosting malicious or unwanted content.

EPSS

Процентиль: 27%
0.00097
Низкий

6.6 Medium

CVSS3

6.5 Medium

CVSS3

4 Medium

CVSS2

Дефекты

CWE-732