Improper File Permissions in Dell EMC Secure Remote Services
CVE-2018-11080

7.3HIGH

Key Information:

Vendor
Dell
Status
Esrs Virtual Edition
Vendor
CVE Published:
18 October 2018

Summary

Dell EMC Secure Remote Services prior to version 3.32.00.08 includes multiple configuration files with world-readable permissions. This flaw allows authenticated attackers to access the contents of these files. By exploiting this, the attacker may elevate their privileges within the system, potentially leading to further security breaches. It is critical for users of affected versions to update their systems to mitigate these vulnerabilities.

Affected Version(s)

ESRS Virtual Edition < 3.32.00.08

References

https://seclists.org/fulldisclosure/2018/Oct/35
mailing-listx_refsource_FULLDISC
http://www.securityfocus.com/bid/105694
vdb-entryx_refsource_BID
http://www.securitytracker.com/id/1041877
vdb-entryx_refsource_SECTRACK

CVSS V3.1

Score:
7.3
Severity:
HIGH
Confidentiality:
High
Integrity:
Low
Availability:
High
Attack Vector:
Local
Attack Complexity:
Low
Privileges Required:
Low
User Interaction:
None
Scope:
Unchanged

Timeline

  • Vulnerability published

  • Vulnerability Reserved

.