CVE-2018-1239

Published: May 8, 2018Modified: Nov 21, 2024

7.2

Vector

CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H

Exploitability: 1.2 / Impact: 5.9

Source: NVD

Description

Dell EMC Unity Operating Environment (OE) versions prior to 4.3.0.1522077968 are affected by multiple OS command injection vulnerabilities. A remote application admin user could potentially exploit the vulnerabilities to execute arbitrary OS commands as system root on the system where Dell EMC Unity is installed.

Affected (2)

Products: Dell: Emc Unity Operating Environment, Emc Unityvsa Operating Environment

2 products

Emc Unity Operating Environment

Emc Unityvsa Operating Environment

Configuration A

2 vulnerable

Vulnerable Software	Affected Versions
Dell Emc Unity Operating Environment	Before 4.3.0.1522077968
Dell Emc Unityvsa Operating Environment	Before 4.3.0.1522077968

Related CWEs

Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')

The product constructs all or part of an OS command using externally-influenced input from an upstream component, but it does not neutralize or incorrectly neutralizes special elements that could modify the intended OS command when it is sent to a downstream component.

References (4)

http://seclists.org/fulldisclosure/2018/May/15

Source: security_alert@emc.com

Mailing ListThird Party Advisory

http://www.securityfocus.com/bid/104092

Source: security_alert@emc.com

Third Party AdvisoryVDB Entry

http://seclists.org/fulldisclosure/2018/May/15

Source: af854a3a-2127-422b-91ae-364da2661108

Mailing ListThird Party Advisory

http://www.securityfocus.com/bid/104092

Source: af854a3a-2127-422b-91ae-364da2661108

Third Party AdvisoryVDB Entry

Timeline

No history available yet.