Incorrect File Permissions Vulnerability in Dell EMC Unity Products
CVE-2018-11064

7.8HIGH

Key Information:

Vendor: Dell
Status: Dell Emc Unity; Dell Emc Unityvsa
Vendor: CVE Published:; 5 October 2018

What is CVE-2018-11064?

Dell EMC Unity OE versions 4.3.0.x and 4.3.1.x, along with UnityVSA OE versions 4.3.0.x and 4.3.1.x, exhibit an Incorrect File Permissions vulnerability. This vulnerability could be exploited by a locally authenticated malicious user, enabling them to modify multiple library files within service tools. Such alterations may result in the execution of arbitrary code with elevated privileges, posing a significant security risk, although user file systems remain unaffected.

Affected Version(s)

Dell EMC Unity 4.3.0.x <= 4.3.1.x

Dell EMC UnityVSA 4.3.0.x <= 4.3.1.x

References

https://seclists.org/fulldisclosure/2018/Sep/55

mailing-listx_refsource_FULLDISC

http://www.securityfocus.com/bid/105447

vdb-entryx_refsource_BID

CVSS V3.1

Score:

7.8

Severity:

HIGH

Confidentiality:

High

Integrity:

High

Availability:

High

Attack Vector:

Local

Attack Complexity:

Low

Privileges Required:

Low

User Interaction:

None

Scope:

Unchanged

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Oct 5, 2018
Vulnerability Reserved
May 14, 2018