PT-2020-9965 · Dell Emc · Dell Emc Xtremio Xms

Published

2020-03-13

Updated

2020-03-18

CVE-2019-18577

CVSS v2.0

7.2

High

Vector

AV:L/AC:L/Au:N/C:C/I:C/A:C

Name of the Vulnerable Software and Affected Versions: Dell EMC XtremIO XMS versions prior to 6.3.0

Description: The issue is related to an incorrect permission assignment. A malicious local user with XtremIO xinstall privileges may exploit this to gain root access.

Recommendations: For versions prior to 6.3.0, update to version 6.3.0 or later to resolve the issue. As a temporary workaround, consider restricting access to the xinstall privileges to minimize the risk of exploitation.

Fix

Incorrect Permission

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-732

Related Identifiers

CVE-2019-18577

Affected Products

Dell Emc Xtremio Xms

PT-2020-9965 · Dell Emc · Dell Emc Xtremio Xms

CVE-2019-18577

Weakness Enumeration

Related Identifiers

Affected Products

References · 4