OS Command Injection Vulnerability in Dell EMC VNX2 Control Station
CVE-2019-3704

7.8HIGH

Key Information:

Vendor: Dell
Status: Vnx Control Station In Dell Emc Vnx2 Oe For File
Vendor: CVE Published:; 7 February 2019

What is CVE-2019-3704?

The Dell EMC VNX2 Control Station is susceptible to an OS command injection vulnerability caused by insufficient restrictions in the sudoers configuration. This flaw allows a local authenticated attacker to execute arbitrary operating system commands with root privileges. Addressing this security issue is crucial to prevent potential exploitation and safeguard critical system operations.

Affected Version(s)

VNX Control Station in Dell EMC VNX2 OE for File < 8.1.9.236

References

http://www.securityfocus.com/bid/106954

vdb-entryx_refsource_BID

https://seclists.org/fulldisclosure/2019/Feb/8

mailing-listx_refsource_FULLDISC

CVSS V3.1

Score:

7.8

Severity:

HIGH

Confidentiality:

High

Integrity:

High

Availability:

High

Attack Vector:

Local

Attack Complexity:

Low

Privileges Required:

Low

User Interaction:

None

Scope:

Unchanged

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Feb 7, 2019
Vulnerability Reserved
Jan 3, 2019