CVE-2018-11053

EPSS 0.1%
Veröffentlicht 26.06.2018 22:29:00
Zuletzt bearbeitet 21.11.2024 03:42:34
Quelle security_alert@emc.com
Teams Watchlist Login
Unerledigt Login

Dell EMC iDRAC Service Module for all supported Linux and XenServer versions v3.0.1, v3.0.2, v3.1.0, v3.2.0, when started, changes the default file permission of the hosts file of the host operating system (/etc/hosts) to world writable. A malicious low privileged operating system user or process could modify the host file and potentially redirect traffic from the intended destination to sites hosting malicious or unwanted content.

Betroffene Produkte Warnungen 0 Metriken 4 CWE 1 Referenzen 5

Daten sind bereitgestellt durch National Vulnerability Database (NVD)

Dell ≫ Emc Idrac Service Module Version3.0.1

   Citrix ≫ Xenserver Version7.1
   Redhat ≫ Enterprise Linux Version6.9
   Redhat ≫ Enterprise Linux Version7.4
   Suse ≫ Suse Linux Enterprise Server Version11 Updatesp4
   Suse ≫ Suse Linux Enterprise Server Version12 Updatesp3

Dell ≫ Emc Idrac Service Module Version3.0.2

Dell ≫ Emc Idrac Service Module Version3.1.0

Dell ≫ Emc Idrac Service Module Version3.2.0

Zu dieser CVE wurde keine CISA KEV oder CERT.AT-Warnung gefunden.

EPSS Metriken
Typ	Quelle	Score	Percentile
EPSS	FIRST.org	0.1%	0.242

CVSS Metriken
Quelle	Base Score	Exploit Score	Impact Score	Vector String
nvd@nist.gov	6.5	2.8	3.6	CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N
nvd@nist.gov	4	8	2.9	AV:N/AC:L/Au:S/C:N/I:P/A:N
security_alert@emc.com	6.6	0.8	5.3	CVSS:3.0/AV:L/AC:H/PR:L/UI:R/S:C/C:L/I:L/A:H

CWE-732 Incorrect Permission Assignment for Critical Resource

The product specifies permissions for a security-critical resource in a way that allows that resource to be read or modified by unintended actors.

http://www.dell.com/support/article/us/en/19/sln310281/ism-dell-emc-idrac-service-module-improper-file-permission-vulnerability?lang=en

Patch

Vendor Advisory

http://www.securityfocus.com/bid/104567

Third Party Advisory

VDB Entry

https://nvd.nist.gov/vuln/detail/CVE-2018-11053

CVE Source (NVD)

https://cveawg.mitre.org/api/cve/CVE-2018-11053

CVE Source (JSON)

https://euvd.enisa.europa.eu/vulnerability/CVE-2018-11053

EUVD