CVE-2018-11064Incorrect Permission Assignment in EMC Unity

CWE-732Incorrect Permission Assignment3 documents3 sources
Severity
7.8HIGHNVD
EPSS
0.0%
top 87.90%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
4
Dell EMC UnityDell EMC UnityvsaDell EMC Unity Operating Environment+1 more
Timeline
PublishedOct 5
Latest updateMay 13

Description

Dell EMC Unity OE versions 4.3.0.x and 4.3.1.x and UnityVSA OE versions 4.3.0.x and 4.3.1.x contains an Incorrect File Permissions vulnerability. A locally authenticated malicious user could potentially exploit this vulnerability to alter multiple library files in service tools that might result in arbitrary code execution with elevated privileges. No user file systems are directly affected by this vulnerability.

CVSS vector

CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:HExploitability: 1.8 | Impact: 5.9

Affected Packages4 packages

CVEListV5dell_emc/dell_emc_unityvsa4.3.0.x4.3.1.x
NVDdell/emc_unityvsa_operating_environment4.3.0.15220779684.3.1.1525703027
CVEListV5dell_emc/dell_emc_unity4.3.0.x4.3.1.x
NVDdell/emc_unity_operating_environment4.3.0.15220779684.3.1.1525703027

🔴Vulnerability Details

2
GHSA
GHSA-mm4r-hm8p-4r5h: Dell EMC Unity OE versions 42022-05-13
CVEList
CVE-2018-11064: Dell EMC Unity OE versions 42018-10-05
CVE-2018-11064 — Incorrect Permission Assignment | cvebase