CVE-2018-1239 — OS Command Injection in Dell EMC Unity Operating Environment

CWE-78 — OS Command Injection3 documents3 sources

Severity

7.2HIGHNVD

EPSS

2.5%

top 14.63%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Dell EMC Unity Operating Environment Dell EMC Unityvsa Operating Environment Dell EMC Unity Operating Environment

Timeline

PublishedMay 8

Latest updateMay 14

Description

Dell EMC Unity Operating Environment (OE) versions prior to 4.3.0.1522077968 are affected by multiple OS command injection vulnerabilities. A remote application admin user could potentially exploit the vulnerabilities to execute arbitrary OS commands as system root on the system where Dell EMC Unity is installed.

CVSS vector

CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:HExploitability: 1.2 | Impact: 5.9

Affected Packages3 packages

▶NVDdell/emc_unity_operating_environment< 4.3.0.1522077968

▶NVDdell/emc_unityvsa_operating_environment< 4.3.0.1522077968

▶CVEListV5dell_emc/unity_operating_environmentversions prior to 4.3.0.1522077968

🔴Vulnerability Details

GHSA

GHSA-vprp-mqwj-m22m: Dell EMC Unity Operating Environment (OE) versions prior to 4↗2022-05-14

▶

CVEList

CVE-2018-1239: Dell EMC Unity Operating Environment (OE) versions prior to 4↗2018-05-08

▶