Vulnerability Description
Dell EMC Unity OE versions 4.3.0.x and 4.3.1.x and UnityVSA OE versions 4.3.0.x and 4.3.1.x contains an Incorrect File Permissions vulnerability. A locally authenticated malicious user could potentially exploit this vulnerability to alter multiple library files in service tools that might result in arbitrary code execution with elevated privileges. No user file systems are directly affected by this vulnerability.
CVSS Score
HIGH
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Dell | Emc Unity Operating Environment | >= 4.3.0.1522077968, <= 4.3.1.1525703027 |
| Dell | Emc Unityvsa Operating Environment | >= 4.3.0.1522077968, <= 4.3.1.1525703027 |
Related Weaknesses (CWE)
References
- http://www.securityfocus.com/bid/105447Third Party AdvisoryVDB Entry
- https://seclists.org/fulldisclosure/2018/Sep/55Mailing ListThird Party Advisory
- http://www.securityfocus.com/bid/105447Third Party AdvisoryVDB Entry
- https://seclists.org/fulldisclosure/2018/Sep/55Mailing ListThird Party Advisory
FAQ
What is CVE-2018-11064?
CVE-2018-11064 is a vulnerability with a CVSS score of 7.8 (HIGH). Dell EMC Unity OE versions 4.3.0.x and 4.3.1.x and UnityVSA OE versions 4.3.0.x and 4.3.1.x contains an Incorrect File Permissions vulnerability. A locally authenticated malicious user could potential...
How severe is CVE-2018-11064?
CVE-2018-11064 has been rated HIGH with a CVSS base score of 7.8/10. Review the CVSS metrics above for detailed severity breakdown.
Is there a patch for CVE-2018-11064?
Check the references section above for vendor advisories and patch information. Affected products include: Dell Emc Unity Operating Environment, Dell Emc Unityvsa Operating Environment.