CVE-2018-11063 — Unquoted Search Path or Element in Dell Wyse Management Suite

CWE-428 — Unquoted Search Path or Element3 documents3 sources

Severity

7.8HIGHNVD

EPSS

0.1%

top 84.20%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Dell Wyse Management Suite

Timeline

PublishedAug 10

Latest updateMay 14

Description

Dell WMS versions 1.1 and prior are impacted by multiple unquoted service path vulnerabilities. Affected software installs multiple services incorrectly by specifying the paths to the service executables without quotes. This could potentially allow a low-privileged local user to execute arbitrary executables with elevated privileges.

CVSS vector

CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:HExploitability: 1.8 | Impact: 5.9

Affected Packages2 packages

▶CVEListV5dell/wyse_management_suiteStandard — 1.1+1

▶NVDdell/wyse_management_suite1.1

🔴Vulnerability Details

GHSA

GHSA-q55h-fqrf-q889: Dell WMS versions 1↗2022-05-14

▶

CVEList

CVE-2018-11063: Dell WMS versions 1↗2018-08-10

▶