PT-2018-10271 · Dell · Dell Emc Ecs

Published

2018-07-03

Updated

2019-10-09

CVE-2018-11052

CVSS v3.1

9.8

Critical

Vector

AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Name of the Vulnerable Software and Affected Versions Dell EMC ECS versions 3.2.0.0 through 3.2.0.1

Description The issue allows a remote unauthenticated attacker to exploit an authentication bypass, enabling them to read and modify S3 objects by supplying specially crafted S3 requests.

Recommendations For versions 3.2.0.0 and 3.2.0.1, update to a version that contains a fix for this issue to prevent authentication bypass and unauthorized access to S3 objects.

Fix

Improper Authentication

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-287

Related Identifiers

CVE-2018-11052

Affected Products

Dell Emc Ecs

PT-2018-10271 · Dell · Dell Emc Ecs

CVE-2018-11052

Weakness Enumeration

Related Identifiers

Affected Products

References · 4