← Back

CVE-2018-11064

nvd nist
Published: Oct 5, 2018Modified: Nov 21, 2024

JSON object

Loading...
7.8
Vector
CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
Exploitability: 1.8 / Impact: 5.9
Source: NVD

Description

Dell EMC Unity OE versions 4.3.0.x and 4.3.1.x and UnityVSA OE versions 4.3.0.x and 4.3.1.x contains an Incorrect File Permissions vulnerability. A locally authenticated malicious user could potentially exploit this vulnerability to alter multiple library files in service tools that might result in arbitrary code execution with elevated privileges. No user file systems are directly affected by this vulnerability.

Affected (2)

Dell
2 products
Emc Unity Operating Environment
Emc Unityvsa Operating Environment
Configuration A
2 vulnerable
Vulnerable SoftwareAffected Versions
Emc Unity Operating Environment
From 4.3.0.1522077968 to 4.3.1.1525703027
Emc Unityvsa Operating Environment
From 4.3.0.1522077968 to 4.3.1.1525703027

Related CWEs

CWE-732
Incorrect Permission Assignment for Critical Resource
The product specifies permissions for a security-critical resource in a way that allows that resource to be read or modified by unintended actors.

References (4)

Source: security_alert@emc.com
Third Party AdvisoryVDB Entry
Source: security_alert@emc.com
Mailing ListThird Party Advisory
Source: af854a3a-2127-422b-91ae-364da2661108
Third Party AdvisoryVDB Entry
Source: af854a3a-2127-422b-91ae-364da2661108
Mailing ListThird Party Advisory

Timeline

No history available yet.