Vulnerability CVE-2018-1239


Published: 2018-05-08

Description:
Dell EMC Unity Operating Environment (OE) versions prior to 4.3.0.1522077968 are affected by multiple OS command injection vulnerabilities. A remote application admin user could potentially exploit the vulnerabilities to execute arbitrary OS commands as system root on the system where Dell EMC Unity is installed.

Type: CWE-78 (Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection'))

Vendor: DELL
Product: Emc unityvsa operating environment 
Version:
4.2.3.9670635
4.2.2.9632250
4.2.1.9535982
4.2.0.9476662
4.2.0.9392909
4.1.2.9257522
4.1.1.9138882
4.1.0.9058043
4.1.0.8959731
4.1.0.8940590
4.0.2.8627717
4.0.1.8404134
4.0.1.8320161
4.0.1.8194551
4.0.0.7329527
Product: Emc unity operating environment 
Version:
4.2.3.9670635
4.2.2.9632250
4.2.1.9535982
4.2.0.9476662
4.2.0.9392909
4.1.2.9257522
4.1.1.9138882
4.1.0.9058043
4.1.0.8959731
4.1.0.8940590
4.0.2.8627717
4.0.1.8404134
4.0.1.8320161
4.0.1.8194551
4.0.0.7329527

CVSS2 => (AV:N/AC:L/Au:S/C:C/I:C/A:C)

CVSS Base Score: 9/10
Impact Subscore: 10/10
Exploitability Subscore: 8/10
Exploit range: Remote
Attack complexity: Low
Authentication: Single time
Confidentiality impact: Complete
Integrity impact: Complete
Availability impact: Complete

References:
http://seclists.org/fulldisclosure/2018/May/15
http://www.securityfocus.com/bid/104092

Related CVE
CVE-2018-15776
Dell EMC iDRAC7/iDRAC8 versions prior to 2.61.60.60 contain an improper error handling vulnerability. An unauthenticated attacker with physical access to the system could potentially exploit this vulnerability to get access to the u-boot shell.
CVE-2018-15774
Dell EMC iDRAC7/iDRAC8 versions prior to 2.61.60.60 and iDRAC9 versions prior to 3.20.21.20, 3.21.24.22, 3.21.26.22, and 3.23.23.23 contain a privilege escalation vulnerability. An authenticated malicious iDRAC user with operator privileges could pot...
CVE-2018-15773
Dell Encryption (formerly Dell Data Protection | Encryption) v10.1.0 and earlier contain an information disclosure vulnerability. A malicious user with physical access to the machine could potentially exploit this vulnerability to access the unencryp...
CVE-2018-11077
'getlogs' utility in Dell EMC Avamar Server versions 7.2.0, 7.2.1, 7.3.0, 7.3.1, 7.4.0, 7.4.1, 7.5.0, 7.5.1 and 18.1 and Dell EMC Integrated Data Protection Appliance (IDPA) versions 2.0, 2.1 and 2.2 is affected by an OS command injection vulnerabili...
CVE-2018-11076
Dell EMC Avamar Server versions 7.2.0, 7.2.1, 7.3.0, 7.3.1, 7.4.0 and 7.4.1 and Dell EMC Integrated Data Protection Appliance (IDPA) 2.0 are affected by an information exposure vulnerability. Avamar Java management console's SSL/TLS private key may b...
CVE-2018-11067
Dell EMC Avamar Client Manager in Dell EMC Avamar Server versions 7.2.0, 7.2.1, 7.3.0, 7.3.1, 7.4.0, 7.4.1, 7.5.0, 7.5.1, 18.1 and Dell EMC Integrated Data Protection Appliance (IDPA) versions 2.0, 2.1 and 2.2 contain an open redirection vulnerabilit...
CVE-2018-11066
Dell EMC Avamar Client Manager in Dell EMC Avamar Server versions 7.2.0, 7.2.1, 7.3.0, 7.3.1, 7.4.0, 7.4.1, 7.5.0, 7.5.1, 18.1 and Dell EMC Integrated Data Protection Appliance (IDPA) versions 2.0, 2.1 and 2.2 contain a Remote Code Execution vulnerab...
CVE-2018-11064
Dell EMC Unity OE versions 4.3.0.x and 4.3.1.x and UnityVSA OE versions 4.3.0.x and 4.3.1.x contains an Incorrect File Permissions vulnerability. A locally authenticated malicious user could potentially exploit this vulnerability to alter multiple li...

Copyright 2019, cxsecurity.com

 
