CVE-2018-11064
Last modified
CVE-2018-11064 is a vulnerability of currently unknown severity. Dell EMC Unity OE versions 4.3.0.x and 4.3.1.x and UnityVSA OE versions 4.3.0.x and 4.3.1.x contains an Incorrect File Permissions vulnerability. A locally authenticated malicious user could potentially exploit this vulnerability to alter multiple library files in service tools that might result in arbitrary code execution with elevated privileges. EPSS estimates a 0.39% chance of exploitation in the next 30 days.
Description
Dell EMC Unity OE versions 4.3.0.x and 4.3.1.x and UnityVSA OE versions 4.3.0.x and 4.3.1.x contains an Incorrect File Permissions vulnerability. A locally authenticated malicious user could potentially exploit this vulnerability to alter multiple library files in service tools that might result in arbitrary code execution with elevated privileges. No user file systems are directly affected by this vulnerability.
Metrics
Weakness Enumeration
Affected Software
| Vendor | Product | Versions |
|---|---|---|
| Dell | Emc Unity Operating Environment | >= 4.3.0.1522077968, <= 4.3.1.1525703027 |
| Dell | Emc Unityvsa Operating Environment | >= 4.3.0.1522077968, <= 4.3.1.1525703027 |
References
- http://www.securityfocus.com/bid/105447Third Party Advisory, VDB Entry
- https://seclists.org/fulldisclosure/2018/Sep/55Mailing List, Third Party Advisory
- http://www.securityfocus.com/bid/105447Third Party Advisory, VDB Entry
- https://seclists.org/fulldisclosure/2018/Sep/55Mailing List, Third Party Advisory
Timeline
- Published
- Last Modified
- Status
- Modified
Frequently Asked Questions
What is CVE-2018-11064?
How severe is CVE-2018-11064?
How do I fix CVE-2018-11064?
Are you affected by CVE-2018-11064?
Run a free Strix scan to check your systems for this vulnerability.
Scan your code nowSource: NVD / NIST