Vulnerability Description
VNX Control Station in Dell EMC VNX2 OE for File versions prior to 8.1.9.236 contains OS command injection vulnerability. Due to inadequate restriction configured in sudores, a local authenticated malicious user could potentially execute arbitrary OS commands as root by exploiting this vulnerability.
CVSS Score
HIGH
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Dell | Emc Vnx2 Firmware | < 8.1.9.217 |
| Dell | Emc Vnx2 | - |
Related Weaknesses (CWE)
References
- http://www.securityfocus.com/bid/106954Third Party Advisory
- https://seclists.org/fulldisclosure/2019/Feb/8Mailing ListThird Party Advisory
- http://www.securityfocus.com/bid/106954Third Party Advisory
- https://seclists.org/fulldisclosure/2019/Feb/8Mailing ListThird Party Advisory
FAQ
What is CVE-2019-3704?
CVE-2019-3704 is a vulnerability with a CVSS score of 7.8 (HIGH). VNX Control Station in Dell EMC VNX2 OE for File versions prior to 8.1.9.236 contains OS command injection vulnerability. Due to inadequate restriction configured in sudores, a local authenticated mal...
How severe is CVE-2019-3704?
CVE-2019-3704 has been rated HIGH with a CVSS base score of 7.8/10. Review the CVSS metrics above for detailed severity breakdown.
Is there a patch for CVE-2019-3704?
Check the references section above for vendor advisories and patch information. Affected products include: Dell Emc Vnx2 Firmware, Dell Emc Vnx2.