CVE-2018-11064

HIGH

Dell EMC Unity/UnityVSA OE 4.3.0.x-4.3.1.x Authenticated Arbitrary Code Execution

Title source: llm

Description

Dell EMC Unity OE versions 4.3.0.x and 4.3.1.x and UnityVSA OE versions 4.3.0.x and 4.3.1.x contain an Incorrect File Permissions vulnerability. A locally authenticated malicious user could potentially exploit this vulnerability to alter multiple library files in service tools, which might result in arbitrary code execution with elevated privileges. No user file systems are directly affected by this vulnerability.

References (2)

Core References
Mailing List, Third Party Advisory mailing-list x_refsource_fulldisc
https://seclists.org/fulldisclosure/2018/Sep/55
Third Party Advisory, VDB Entry vdb-entry x_refsource_bid
http://www.securityfocus.com/bid/105447

Scores

CVSS v3 7.8
EPSS 0.0039
EPSS Percentile 30.9%
Attack Vector LOCAL
CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Details

CWE
CWE-732
Status published
Products (2)
dell/emc_unity_operating_environment 4.3.0.1522077968 - 4.3.1.1525703027
dell/emc_unityvsa_operating_environment 4.3.0.1522077968 - 4.3.1.1525703027
Published Oct 05, 2018
Tracked Since Feb 18, 2026