ID

VAR-201805-0734


CVE

CVE-2018-1239


TITLE

OS command injection vulnerability in Dell EMC Unity Operating Environment

Trust: 0.8

sources: JVNDB: JVNDB-2018-004805

DESCRIPTION

Dell EMC Unity Operating Environment (OE) versions prior to 4.3.0.1522077968 are affected by multiple OS command injection vulnerabilities. A remote application admin user could potentially exploit the vulnerabilities to execute arbitrary OS commands as system root on the system where Dell EMC Unity is installed. Multiple Dell EMC Products are prone to multiple remote command-injection vulnerabilities. Successfully exploiting these issues may allow an attacker to execute arbitrary code in the context of the affected application. Failed exploit attempts will result in a denial-of-service condition.

Customers can refer to Dell EMC target code information at: https://support.emc.com/docu39695_Target_Revisions_and_Adoption_Rates.pdf?language=en_US&language=en_US. Link to remedies: Registered Dell EMC Support customers can download Dell EMC Unity software from the Dell EMC Online Support web site. https://support.emc.com/downloads/39949_Dell-EMC-Unity-Family

Read and use the information in this EMC Security Advisory to assist in avoiding any situation that might arise from the problems described herein. If you have any questions regarding this product alert, contact EMC Software Technical Support at 1-877-534-2867. For an explanation of Severity Ratings, refer to EMC Knowledgebase solution emc218831. EMC recommends all customers take into account both the base score and any relevant temporal and environmental scores which may impact the potential severity associated with particular security vulnerability. EMC recommends that all users determine the applicability of this information to their individual situations and take appropriate action. The information set forth herein is provided "as is" without warranty of any kind. EMC disclaims all warranties, either express or implied, including the warranties of merchantability, fitness for a particular purpose, title and non-infringement.
In no event, shall EMC or its suppliers, be liable for any damages whatsoever including direct, indirect, incidental, consequential, loss of business profits or special damages, even if EMC or its suppliers have been advised of the possibility of such damages. Some states do not allow the exclusion or limitation of liability for consequential or incidental damages, so the foregoing limitation may not apply.

Trust: 2.07

sources: NVD: CVE-2018-1239 // JVNDB: JVNDB-2018-004805 // BID: 104092 // VULHUB: VHN-122344 // PACKETSTORM: 147494

AFFECTED PRODUCTS

vendor: dell // model: emc unity operating environment // scope: lt // version: 4.3.0.1522077968

Trust: 1.8

vendor: dell // model: emc unityvsa operating environment // scope: lt // version: 4.3.0.1522077968

Trust: 1.0

vendor: dell // model: emc unityvsa operating environment // scope: - // version: -

Trust: 0.8

vendor: dell // model: emc unity operating environment // scope: eq // version: 4.0.0.7329527

Trust: 0.6

vendor: dell // model: emc unity operating environment // scope: eq // version: 4.0.2.8627717

Trust: 0.6

vendor: dell // model: emc unity operating environment // scope: eq // version: 4.1.0.9058043

Trust: 0.6

vendor: dell // model: emc unity operating environment // scope: eq // version: 4.0.1.8404134

Trust: 0.6

vendor: dell // model: emc unity operating environment // scope: eq // version: 4.0.1.8320161

Trust: 0.6

vendor: dell // model: emc unity operating environment // scope: eq // version: 4.1.0.8940590

Trust: 0.6

vendor: dell // model: emc unity operating environment // scope: eq // version: 4.0.1.8194551

Trust: 0.6

vendor: dell // model: emc unity operating environment // scope: eq // version: 4.1.0.8959731

Trust: 0.6

vendor: dell // model: emc unity operating environment // scope: eq // version: 4.1.1.9138882

Trust: 0.6

vendor: dell // model: emc unity operating environment // scope: eq // version: 4.1.2.9257522

Trust: 0.6

vendor: emc // model: unityvsa operating environment // scope: eq // version: 0

Trust: 0.3

vendor: emc // model: unity operating environment // scope: eq // version: 0

Trust: 0.3

vendor: emc // model: unityvsa operating environment // scope: ne // version: 4.3.0.1522077968

Trust: 0.3

vendor: emc // model: unity operating environment // scope: ne // version: 4.3.0.1522077968

Trust: 0.3

sources: BID: 104092 // JVNDB: JVNDB-2018-004805 // CNNVD: CNNVD-201805-221 // NVD: CVE-2018-1239

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov: CVE-2018-1239
value: HIGH

Trust: 1.0

NVD: CVE-2018-1239
value: HIGH

Trust: 0.8

CNNVD: CNNVD-201805-221
value: CRITICAL

Trust: 0.6

VULHUB: VHN-122344
value: HIGH

Trust: 0.1

nvd@nist.gov: CVE-2018-1239
severity: HIGH
baseScore: 9.0
vectorString: AV:N/AC:L/AU:S/C:C/I:C/A:C
accessVector: NETWORK
accessComplexity: LOW
authentication: SINGLE
confidentialityImpact: COMPLETE
integrityImpact: COMPLETE
availabilityImpact: COMPLETE
exploitabilityScore: 8.0
impactScore: 10.0
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 1.8

VULHUB: VHN-122344
severity: HIGH
baseScore: 9.0
vectorString: AV:N/AC:L/AU:S/C:C/I:C/A:C
accessVector: NETWORK
accessComplexity: LOW
authentication: SINGLE
confidentialityImpact: COMPLETE
integrityImpact: COMPLETE
availabilityImpact: COMPLETE
exploitabilityScore: 8.0
impactScore: 10.0
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.1

nvd@nist.gov: CVE-2018-1239
baseSeverity: HIGH
baseScore: 7.2
vectorString: CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H
attackVector: NETWORK
attackComplexity: LOW
privilegesRequired: HIGH
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: HIGH
integrityImpact: HIGH
availabilityImpact: HIGH
exploitabilityScore: 1.2
impactScore: 5.9
version: 3.0

Trust: 1.8

sources: VULHUB: VHN-122344 // JVNDB: JVNDB-2018-004805 // CNNVD: CNNVD-201805-221 // NVD: CVE-2018-1239

PROBLEMTYPE DATA

problemtype:CWE-78

Trust: 1.9

sources: VULHUB: VHN-122344 // JVNDB: JVNDB-2018-004805 // NVD: CVE-2018-1239

THREAT TYPE

remote

Trust: 0.7

sources: PACKETSTORM: 147494 // CNNVD: CNNVD-201805-221

TYPE

operating system command injection

Trust: 0.6

sources: CNNVD: CNNVD-201805-221

CONFIGURATIONS

sources: JVNDB: JVNDB-2018-004805

EXPLOIT AVAILABILITY

sources: VULHUB: VHN-122344

PATCH

title: An Introduction to Unity Software | Dell EMC US // url: https://www.dellemc.com/en-us/documentation/unity-family/unity-p-software-upgrades/01-unity-upg-br-introduction.htm

Trust: 0.8

title: Dell EMC UnityVSA // url: https://www.emc.com/products-solutions/trial-software-download/unity-vsa.htm

Trust: 0.8

title: Dell EMC Unity Operating Environment Fixes for operating system command injection vulnerabilities // url: http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=79905

Trust: 0.6

sources: JVNDB: JVNDB-2018-004805 // CNNVD: CNNVD-201805-221

EXTERNAL IDS

db: NVD // id: CVE-2018-1239

Trust: 2.9

db: BID // id: 104092

Trust: 1.4

db: JVNDB // id: JVNDB-2018-004805

Trust: 0.8

db: CNNVD // id: CNNVD-201805-221

Trust: 0.7

db: PACKETSTORM // id: 147494

Trust: 0.2

db: VULHUB // id: VHN-122344

Trust: 0.1

sources: VULHUB: VHN-122344 // BID: 104092 // JVNDB: JVNDB-2018-004805 // PACKETSTORM: 147494 // CNNVD: CNNVD-201805-221 // NVD: CVE-2018-1239

REFERENCES

url:http://seclists.org/fulldisclosure/2018/may/15

Trust: 2.8

url:http://www.securityfocus.com/bid/104092

Trust: 1.1

url:https://nvd.nist.gov/vuln/detail/cve-2018-1239

Trust: 0.9

url:https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2018-1239

Trust: 0.8

url:http://www.emc.com/

Trust: 0.3

url:https://support.emc.com/downloads/39949_dell-emc-unity-family

Trust: 0.1

url:https://support.emc.com/docu39695_target_revisions_and_adoption_rates.pdf?language=en_us&language=en_us.

Trust: 0.1

sources: VULHUB: VHN-122344 // BID: 104092 // JVNDB: JVNDB-2018-004805 // PACKETSTORM: 147494 // CNNVD: CNNVD-201805-221 // NVD: CVE-2018-1239

CREDITS

The vendor reported these issues.

Trust: 0.3

sources: BID: 104092

SOURCES

db: VULHUB // id: VHN-122344
db: BID // id: 104092
db: JVNDB // id: JVNDB-2018-004805
db: PACKETSTORM // id: 147494
db: CNNVD // id: CNNVD-201805-221
db: NVD // id: CVE-2018-1239

LAST UPDATE DATE

2024-11-23T23:12:08.011000+00:00


SOURCES UPDATE DATE

db: VULHUB // id: VHN-122344 // date: 2019-01-07T00:00:00
db: BID // id: 104092 // date: 2018-05-03T00:00:00
db: JVNDB // id: JVNDB-2018-004805 // date: 2018-06-27T00:00:00
db: CNNVD // id: CNNVD-201805-221 // date: 2018-05-09T00:00:00
db: NVD // id: CVE-2018-1239 // date: 2024-11-21T03:59:26.677

SOURCES RELEASE DATE

db: VULHUB // id: VHN-122344 // date: 2018-05-08T00:00:00
db: BID // id: 104092 // date: 2018-05-03T00:00:00
db: JVNDB // id: JVNDB-2018-004805 // date: 2018-06-27T00:00:00
db: PACKETSTORM // id: 147494 // date: 2018-05-04T01:19:14
db: CNNVD // id: CNNVD-201805-221 // date: 2018-05-09T00:00:00
db: NVD // id: CVE-2018-1239 // date: 2018-05-08T13:29:01.850