CVE-2019-3704

Published: Feb 7, 2019Modified: Nov 21, 2024

7.8

Vector

CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Exploitability: 1.8 / Impact: 5.9

Source: NVD

Description

VNX Control Station in Dell EMC VNX2 OE for File versions prior to 8.1.9.236 contains OS command injection vulnerability. Due to inadequate restriction configured in sudores, a local authenticated malicious user could potentially execute arbitrary OS commands as root by exploiting this vulnerability.

Affected (1)

Products: Dell: Emc Vnx2 Firmware

1 product

Emc Vnx2 Firmware

Configuration A

1 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Dell Emc Vnx2 Firmware	Before 8.1.9.217

Running on/with	Platform Versions
Dell Emc Vnx2	All versions

Related CWEs

Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')

The product constructs all or part of an OS command using externally-influenced input from an upstream component, but it does not neutralize or incorrectly neutralizes special elements that could modify the intended OS command when it is sent to a downstream component.

References (4)

http://www.securityfocus.com/bid/106954

Source: security_alert@emc.com

Third Party Advisory

https://seclists.org/fulldisclosure/2019/Feb/8

Source: security_alert@emc.com

Mailing ListThird Party Advisory

http://www.securityfocus.com/bid/106954

Source: af854a3a-2127-422b-91ae-364da2661108

Third Party Advisory

https://seclists.org/fulldisclosure/2019/Feb/8

Source: af854a3a-2127-422b-91ae-364da2661108

Mailing ListThird Party Advisory

Timeline

No history available yet.