PT-2018-10278 · Dell Emc · Dell Emc Unityvsa+1

Published

2018-10-05

Updated

2019-10-09

CVE-2018-11064

CVSS v3.1

7.8

High

Vector

AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Name of the Vulnerable Software and Affected Versions Dell EMC Unity OE versions 4.3.0.x through 4.3.1.x Dell EMC UnityVSA OE versions 4.3.0.x through 4.3.1.x

Description The issue is related to incorrect file permissions, allowing a locally authenticated malicious user to potentially alter multiple library files in service tools. This could result in arbitrary code execution with elevated privileges. It is noted that no user file systems are directly affected by this issue.

Recommendations For Dell EMC Unity OE versions 4.3.0.x through 4.3.1.x, update to a version that fixes the incorrect file permissions issue. For Dell EMC UnityVSA OE versions 4.3.0.x through 4.3.1.x, update to a version that fixes the incorrect file permissions issue.

Fix

Incorrect Permission

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-732

Related Identifiers

CVE-2018-11064

Affected Products

Dell Emc Unity

Dell Emc Unityvsa

PT-2018-10278 · Dell Emc · Dell Emc Unityvsa+1

CVE-2018-11064

Weakness Enumeration

Related Identifiers

Affected Products

References · 4