Lucene search

DellCVELIST:CVE-2018-11053

HistoryJun 26, 2018 - 12:00 a.m.

CVE-2018-11053 iSM: Dell EMC iDRAC Service Module Improper File Permission Vulnerability

2018-06-2600:00:00

dell

www.cve.org

6.6 Medium

CVSS3

Attack Vector

LOCAL

Attack Complexity

HIGH

Privileges Required

LOW

User Interaction

REQUIRED

Scope

CHANGED

Confidentiality Impact

LOW

Integrity Impact

LOW

Availability Impact

HIGH

CVSS:3.0/AV:L/AC:H/PR:L/UI:R/S:C/C:L/I:L/A:H

0.001 Low

EPSS

Percentile

21.8%

JSON

Dell EMC iDRAC Service Module for all supported Linux and XenServer versions v3.0.1, v3.0.2, v3.1.0, v3.2.0, when started, changes the default file permission of the hosts file of the host operating system (/etc/hosts) to world writable. A malicious low privileged operating system user or process could modify the host file and potentially redirect traffic from the intended destination to sites hosting malicious or unwanted content.

CNA Affected

[
  {
    "product": "iDRAC Service Module ",
    "vendor": "Dell EMC",
    "versions": [
      {
        "status": "affected",
        "version": "3.0.1"
      },
      {
        "status": "affected",
        "version": "3.0.2"
      },
      {
        "status": "affected",
        "version": "3.1.0"
      },
      {
        "status": "affected",
        "version": "3.2.0"
      }
    ]
  }
]

References

www.dell.com/support/article/us/en/19/sln310281/ism-dell-emc-idrac-service-module-improper-file-permission-vulnerability?lang=en

www.securityfocus.com/bid/104567

6.6 Medium

CVSS3

Attack Vector

LOCAL

Attack Complexity

HIGH

Privileges Required

LOW

User Interaction

REQUIRED

Scope

CHANGED

Confidentiality Impact

LOW

Integrity Impact

LOW

Availability Impact

HIGH

CVSS:3.0/AV:L/AC:H/PR:L/UI:R/S:C/C:L/I:L/A:H

0.001 Low

EPSS

Percentile

21.8%

JSON

Related for CVELIST:CVE-2018-11053