CVE-2019-3704

VNX Control Station in Dell EMC VNX2 OE for File versions prior to 8.1.9.236 contains OS command injection vulnerability. Due to inadequate…

dell·CWE-78·Published 2019-02-07

CVSS

—

EPSS

0.01

KEV

Exploits

cve.orgen

301 chars

VNX Control Station in Dell EMC VNX2 OE for File versions prior to 8.1.9.236 contains OS command injection vulnerability. Due to inadequate restriction configured in sudores, a local authenticated malicious user could potentially execute arbitrary OS commands as root by exploiting this vulnerability.

NVDen

301 chars

NVDes

369 chars

VNX Control Station en Dell EMC VNX2 OE for File, en versiones anteriores a la 8.1.9.236, contiene una vulnerabilidad de inyección de comandos del sistema operativo. Debido a las restricciones inadecuadas configuradas en sudores, un usuario local autenticado malicioso podría ejecutar comandos arbitrarios del sistema operativo como root explotando esta vulnerabilidad.

CVSS metrics across sources

Version	Type	Source	Base	Exp	Impact	Vector
2.0	Primary	NVD	7.2	3.9	10.0	AV:L/AC:L/Au:N/C:C/I:C/A:C
3.0	Primary	cve.org	7.8	—	—	CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H