CVE-2018-11064

Опубликовано: 05 окт. 2018

Источник: nvd

CVSS3: 7.8

CVSS2: 4.6

EPSS Низкий

Описание

Dell EMC Unity OE versions 4.3.0.x and 4.3.1.x and UnityVSA OE versions 4.3.0.x and 4.3.1.x contains an Incorrect File Permissions vulnerability. A locally authenticated malicious user could potentially exploit this vulnerability to alter multiple library files in service tools that might result in arbitrary code execution with elevated privileges. No user file systems are directly affected by this vulnerability.

Ссылки

http://www.securityfocus.com/bid/105447
Third Party Advisory
VDB Entry
https://seclists.org/fulldisclosure/2018/Sep/55
Mailing List
Third Party Advisory
http://www.securityfocus.com/bid/105447
Third Party Advisory
VDB Entry
https://seclists.org/fulldisclosure/2018/Sep/55
Mailing List
Third Party Advisory

Уязвимые конфигурации

Конфигурация 1

Одно из

cpe:2.3:a:dell:emc_unity_operating_environment:*:*:*:*:*:*:*:*

Версия от 4.3.0.1522077968 (включая) до 4.3.1.1525703027 (включая)

cpe:2.3:a:dell:emc_unityvsa_operating_environment:*:*:*:*:*:*:*:*

Версия от 4.3.0.1522077968 (включая) до 4.3.1.1525703027 (включая)

EPSS

Процентиль: 12%

0.0004

Низкий

7.8 High

CVSS3

4.6 Medium

CVSS2

Дефекты

CWE-732

Связанные уязвимости

GHSA-mm4r-hm8p-4r5h