Lucene search

[email protected]NVD:CVE-2019-18575

HistoryDec 06, 2019 - 9:15 p.m.

CVE-2019-18575

2019-12-0621:15:10

CWE-59

CWE-427

[email protected]

web.nvd.nist.gov

CVSS2

6.6

Attack Vector

LOCAL

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:L/AC:L/Au:N/C:N/I:C/A:C

CVSS3

7.1

Attack Vector

LOCAL

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

NONE

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:H

EPSS

Percentile

12.6%

JSON

Dell Command Configure versions prior to 4.2.1 contain an uncontrolled search path vulnerability. A locally authenticated malicious user could exploit this vulnerability by creating a symlink to a target file, allowing the attacker to overwrite or corrupt a specified file on the system.

Affected configurations

Nvd

Node

dellcommand\|configureRange<4.2.1

VendorProductVersionCPE
dellcommand\|configure*cpe:2.3:a:dell:command\|configure:*:*:*:*:*:*:*:*

Vendor	Product	Version	CPE
dell	command\\|configure	*	cpe:2.3:a:dell:command\\|configure::::::::

References

www.dell.com/support/article/SLN319715

CVSS2

6.6

Attack Vector

LOCAL

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:L/AC:L/Au:N/C:N/I:C/A:C

CVSS3

7.1

Attack Vector

LOCAL

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

NONE

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:H

EPSS

Percentile

12.6%

JSON

Related for NVD:CVE-2019-18575

symantec1 cvelist1 prion1 cve1