Lucene search

[email protected]NVD:CVE-2018-11053

HistoryJun 26, 2018 - 10:29 p.m.

CVE-2018-11053

2018-06-2622:29:00

CWE-732

[email protected]

web.nvd.nist.gov

CVSS2

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

SINGLE

Confidentiality Impact

NONE

Integrity Impact

PARTIAL

Availability Impact

NONE

AV:N/AC:L/Au:S/C:N/I:P/A:N

CVSS3

6.5

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

NONE

Integrity Impact

HIGH

Availability Impact

NONE

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N

EPSS

0.001

Percentile

21.6%

JSON

Dell EMC iDRAC Service Module for all supported Linux and XenServer versions v3.0.1, v3.0.2, v3.1.0, v3.2.0, when started, changes the default file permission of the hosts file of the host operating system (/etc/hosts) to world writable. A malicious low privileged operating system user or process could modify the host file and potentially redirect traffic from the intended destination to sites hosting malicious or unwanted content.

Affected configurations

Nvd

Node

citrixxenserverMatch7.1

redhatenterprise_linuxMatch6.9

redhatenterprise_linuxMatch7.4

susesuse_linux_enterprise_serverMatch11sp4

susesuse_linux_enterprise_serverMatch12sp3

AND

dellemc_idrac_service_moduleMatch3.0.1

dellemc_idrac_service_moduleMatch3.0.2

dellemc_idrac_service_moduleMatch3.1.0

dellemc_idrac_service_moduleMatch3.2.0

VendorProductVersionCPE
citrixxenserver7.1cpe:2.3:a:citrix:xenserver:7.1:*:*:*:*:*:*:*
redhatenterprise_linux6.9cpe:2.3:o:redhat:enterprise_linux:6.9:*:*:*:*:*:*:*
redhatenterprise_linux7.4cpe:2.3:o:redhat:enterprise_linux:7.4:*:*:*:*:*:*:*
susesuse_linux_enterprise_server11cpe:2.3:o:suse:suse_linux_enterprise_server:11:sp4:*:*:*:*:*:*
susesuse_linux_enterprise_server12cpe:2.3:o:suse:suse_linux_enterprise_server:12:sp3:*:*:*:*:*:*
dellemc_idrac_service_module3.0.1cpe:2.3:a:dell:emc_idrac_service_module:3.0.1:*:*:*:*:*:*:*
dellemc_idrac_service_module3.0.2cpe:2.3:a:dell:emc_idrac_service_module:3.0.2:*:*:*:*:*:*:*
dellemc_idrac_service_module3.1.0cpe:2.3:a:dell:emc_idrac_service_module:3.1.0:*:*:*:*:*:*:*
dellemc_idrac_service_module3.2.0cpe:2.3:a:dell:emc_idrac_service_module:3.2.0:*:*:*:*:*:*:*

Vendor	Product	Version	CPE
citrix	xenserver	7.1	cpe:2.3:a:citrix:xenserver:7.1:::::::*
redhat	enterprise_linux	6.9	cpe:2.3:o:redhat:enterprise_linux:6.9:::::::*
redhat	enterprise_linux	7.4	cpe:2.3:o:redhat:enterprise_linux:7.4:::::::*
suse	suse_linux_enterprise_server	11	cpe:2.3:o:suse:suse_linux_enterprise_server:11:sp4::::::
suse	suse_linux_enterprise_server	12	cpe:2.3:o:suse:suse_linux_enterprise_server:12:sp3::::::
dell	emc_idrac_service_module	3.0.1	cpe:2.3:a:dell:emc_idrac_service_module:3.0.1:::::::*
dell	emc_idrac_service_module	3.0.2	cpe:2.3:a:dell:emc_idrac_service_module:3.0.2:::::::*
dell	emc_idrac_service_module	3.1.0	cpe:2.3:a:dell:emc_idrac_service_module:3.1.0:::::::*
dell	emc_idrac_service_module	3.2.0	cpe:2.3:a:dell:emc_idrac_service_module:3.2.0:::::::*

References

www.dell.com/support/article/us/en/19/sln310281/ism-dell-emc-idrac-service-module-improper-file-permission-vulnerability?lang=en

www.securityfocus.com/bid/104567

CVSS2

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

SINGLE

Confidentiality Impact

NONE

Integrity Impact

PARTIAL

Availability Impact

NONE

AV:N/AC:L/Au:S/C:N/I:P/A:N

CVSS3

6.5

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

NONE

Integrity Impact

HIGH

Availability Impact

NONE

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N

EPSS

0.001

Percentile

21.6%

JSON

Related for NVD:CVE-2018-11053

cve1 prion1 cvelist1