CVE-2018-11078

MEDIUM

Dell Emc Vplex Geosynchrony < 6.1 - Incorrect Permission Assignment

Title source: rule
STIX 2.1

Description

Dell EMC VPlex GeoSynchrony, versions prior to 6.1, contains an Insecure File Permissions vulnerability. A remote authenticated malicious user could read from VPN configuration files on and potentially author a MITM attack on the VPN traffic.

References (2)

Core 2
Core References
Third Party Advisory, VDB Entry vdb-entry x_refsource_sectrack
http://www.securitytracker.com/id/1041613
Mailing List, Third Party Advisory mailing-list x_refsource_fulldisc
https://seclists.org/fulldisclosure/2018/Sep/10

Scores

CVSS v3 4.0
EPSS 0.0010
EPSS Percentile 27.5%
Attack Vector ADJACENT_NETWORK
CVSS:3.0/AV:A/AC:H/PR:L/UI:R/S:C/C:L/I:L/A:N

Details

CWE
CWE-732
Status published
Products (1)
dell/emc_vplex_geosynchrony < 6.1
Published Sep 11, 2018
Tracked Since Feb 18, 2026