PT-2018-10278 · Dell Emc · Dell Emc Unityvsa+1

Publicado

2018-10-05

Atualizado

2019-10-09

CVE-2018-11064

CVSS v3.1

7.8

Alta

Vetor

AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Name of the Vulnerable Software and Affected Versions Dell EMC Unity OE versions 4.3.0.x through 4.3.1.x Dell EMC UnityVSA OE versions 4.3.0.x through 4.3.1.x

Description The issue is related to incorrect file permissions, allowing a locally authenticated malicious user to potentially alter multiple library files in service tools. This could result in arbitrary code execution with elevated privileges. It is noted that no user file systems are directly affected by this issue.

Recommendations For Dell EMC Unity OE versions 4.3.0.x through 4.3.1.x, update to a version that fixes the incorrect file permissions issue. For Dell EMC UnityVSA OE versions 4.3.0.x through 4.3.1.x, update to a version that fixes the incorrect file permissions issue.

Correção

Incorrect Permission

Encontrou algum problema na descrição? Tem algo a acrescentar? Fique à vontade para nos escrever 👾

dbugs@ptsecurity.com

Enumeração de Fraquezas

CWE-732

Identificadores relacionados

CVE-2018-11064

Produtos afetados

Dell Emc Unity

Dell Emc Unityvsa

PT-2018-10278 · Dell Emc · Dell Emc Unityvsa+1

CVE-2018-11064

Enumeração de Fraquezas

Identificadores relacionados

Produtos afetados

Referências · 4