CVE-2018-11053

EPSS 0.1%
Published 26.06.2018 22:29:00
Last modified 21.11.2024 03:42:34
Source security_alert@emc.com
Teams watchlist Login
Open Login

Dell EMC iDRAC Service Module for all supported Linux and XenServer versions v3.0.1, v3.0.2, v3.1.0, v3.2.0, when started, changes the default file permission of the hosts file of the host operating system (/etc/hosts) to world writable. A malicious low privileged operating system user or process could modify the host file and potentially redirect traffic from the intended destination to sites hosting malicious or unwanted content.

Affected products Warnungen 0 Metrics 4 CWE 1 References 5

Data is provided by the National Vulnerability Database (NVD)

Dell ≫ Emc Idrac Service Module Version3.0.1

   Citrix ≫ Xenserver Version7.1
   Redhat ≫ Enterprise Linux Version6.9
   Redhat ≫ Enterprise Linux Version7.4
   Suse ≫ Suse Linux Enterprise Server Version11 Updatesp4
   Suse ≫ Suse Linux Enterprise Server Version12 Updatesp3

Dell ≫ Emc Idrac Service Module Version3.0.2

Dell ≫ Emc Idrac Service Module Version3.1.0

Dell ≫ Emc Idrac Service Module Version3.2.0

Zu dieser CVE wurde keine CISA KEV oder CERT.AT-Warnung gefunden.

EPSS Metriken
Type	Source	Score	Percentile
EPSS	FIRST.org	0.1%	0.242

CVSS Metriken
Source	Base Score	Exploit Score	Impact Score	Vector string
nvd@nist.gov	6.5	2.8	3.6	CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N
nvd@nist.gov	4	8	2.9	AV:N/AC:L/Au:S/C:N/I:P/A:N
security_alert@emc.com	6.6	0.8	5.3	CVSS:3.0/AV:L/AC:H/PR:L/UI:R/S:C/C:L/I:L/A:H

CWE-732 Incorrect Permission Assignment for Critical Resource

The product specifies permissions for a security-critical resource in a way that allows that resource to be read or modified by unintended actors.

http://www.dell.com/support/article/us/en/19/sln310281/ism-dell-emc-idrac-service-module-improper-file-permission-vulnerability?lang=en

Patch

Vendor Advisory

http://www.securityfocus.com/bid/104567

Third Party Advisory

VDB Entry

https://nvd.nist.gov/vuln/detail/CVE-2018-11053

CVE Source (NVD)

https://cveawg.mitre.org/api/cve/CVE-2018-11053

CVE Source (JSON)

https://euvd.enisa.europa.eu/vulnerability/CVE-2018-11053

EUVD