Main Vulnerability Database Vulnerabilities #VU14572

#VU14572 Improper file permission in iDRAC Service Module - CVE-2018-11053

Published: August 27, 2018 / Updated: February 21, 2019

Vulnerability identifier: #VU14572

Vulnerability risk: Low

CVSSv4.0: CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:H/VA:N/SC:N/SI:N/SA:N/E:U/U:Clear

CVE-ID: CVE-2018-11053

CWE-ID: CWE-276

Exploitation vector: Remote access

Exploit availability: No public exploit available

Vulnerable software:
iDRAC Service Module

Software vendor:
Dell

Description

The vulnerability allows a remote attacker to bypass security restrictions.

The vulnerability exists due to the software changes the default file permission of the hosts file of the host operating system (/etc/hosts) to world writable. A remote attacker can modify the host file and potentially redirect traffic from the intended destination to sites hosting malicious or unwanted content.

Remediation

Install update from vendor's website.

External links

https://www.dell.com/support/article/ua/ru/uabsdt1/sln310281/ism-dell-emc-idrac-service-module-impro...

#VU14572 Improper file permission in iDRAC Service Module - CVE-2018-11053

Description

Remediation

External links

Please verify you're human