Sign-up

ID

VAR-201808-0598


CVE

CVE-2018-11063


TITLE

Dell WMS Vulnerabilities related to unquoted search paths or elements

Trust: 0.8

sources: JVNDB: JVNDB-2018-009205

DESCRIPTION

Dell WMS versions 1.1 and prior are impacted by multiple unquoted service path vulnerabilities. Affected software installs multiple services incorrectly by specifying the paths to the service executables without quotes. This could potentially allow a low-privileged local user to execute arbitrary executables with elevated privileges. Dell Wyse Management Suite (WMS) is a scalable solution for managing and optimizing Wyse endpoints from Dell. The offering includes centralized Wyse endpoint management, asset tracking and automatic device discovery, among others

Trust: 1.71

sources: NVD: CVE-2018-11063 // JVNDB: JVNDB-2018-009205 // VULHUB: VHN-120885

AFFECTED PRODUCTS

vendor:dellmodel:wyse management suitescope:lteversion:1.1

Trust: 1.8

vendor:dellmodel:wyse management suitescope:eqversion:1.1

Trust: 0.6

sources: JVNDB: JVNDB-2018-009205 // CNNVD: CNNVD-201808-280 // NVD: CVE-2018-11063

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov: CVE-2018-11063
value: HIGH

Trust: 1.0

NVD: CVE-2018-11063
value: HIGH

Trust: 0.8

CNNVD: CNNVD-201808-280
value: MEDIUM

Trust: 0.6

VULHUB: VHN-120885
value: MEDIUM

Trust: 0.1

nvd@nist.gov: CVE-2018-11063
severity: MEDIUM
baseScore: 4.6
vectorString: AV:L/AC:L/AU:N/C:P/I:P/A:P
accessVector: LOCAL
accessComplexity: LOW
authentication: NONE
confidentialityImpact: PARTIAL
integrityImpact: PARTIAL
availabilityImpact: PARTIAL
exploitabilityScore: 3.9
impactScore: 6.4
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 1.8

VULHUB: VHN-120885
severity: MEDIUM
baseScore: 4.6
vectorString: AV:L/AC:L/AU:N/C:P/I:P/A:P
accessVector: LOCAL
accessComplexity: LOW
authentication: NONE
confidentialityImpact: PARTIAL
integrityImpact: PARTIAL
availabilityImpact: PARTIAL
exploitabilityScore: 3.9
impactScore: 6.4
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.1

nvd@nist.gov: CVE-2018-11063
baseSeverity: HIGH
baseScore: 7.8
vectorString: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
attackVector: LOCAL
attackComplexity: LOW
privilegesRequired: LOW
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: HIGH
integrityImpact: HIGH
availabilityImpact: HIGH
exploitabilityScore: 1.8
impactScore: 5.9
version: 3.0

Trust: 1.8

sources: VULHUB: VHN-120885 // JVNDB: JVNDB-2018-009205 // CNNVD: CNNVD-201808-280 // NVD: CVE-2018-11063

PROBLEMTYPE DATA

problemtype:CWE-428

Trust: 1.9

sources: VULHUB: VHN-120885 // JVNDB: JVNDB-2018-009205 // NVD: CVE-2018-11063

THREAT TYPE

local

Trust: 0.6

sources: CNNVD: CNNVD-201808-280

TYPE

lack of information

Trust: 0.6

sources: CNNVD: CNNVD-201808-280

CONFIGURATIONS

sources:
            
            
            JVNDB: JVNDB-2018-009205

PATCH
title:Dell Wyse Management Suite Multiple Unquoted Service Path Vulnerabilitiesurl:https://www.dell.com/support/article/jp/ja/jpbsd1/sln313398/dell-wyse-management-suite-multiple-unquoted-service-path-vulnerabilities?lang=en
Trust: 0.8
title:Dell Wyse Management Suite Security vulnerabilitiesurl:http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=83906
Trust: 0.6
sources:
            
            
            JVNDB: JVNDB-2018-009205 // 
            
            
            
            CNNVD: CNNVD-201808-280

EXTERNAL IDS
db:NVDid:CVE-2018-11063
Trust: 2.5
db:JVNDBid:JVNDB-2018-009205
Trust: 0.8
db:CNNVDid:CNNVD-201808-280
Trust: 0.7
db:VULHUBid:VHN-120885
Trust: 0.1
sources:
            
            
            VULHUB: VHN-120885 // 
            
            
            
            JVNDB: JVNDB-2018-009205 // 
            
            
            
            CNNVD: CNNVD-201808-280 // 
            
            
            
            NVD: CVE-2018-11063

REFERENCES
url:https://www.dell.com/support/article/us/en/19/sln313398/dell-wyse-management-suite-multiple-unquoted-service-path-vulnerabilities?lang=en
Trust: 1.7
url:https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2018-11063
Trust: 0.8
url:https://nvd.nist.gov/vuln/detail/cve-2018-11063
Trust: 0.8
sources:
            
            
            VULHUB: VHN-120885 // 
            
            
            
            JVNDB: JVNDB-2018-009205 // 
            
            
            
            CNNVD: CNNVD-201808-280 // 
            
            
            
            NVD: CVE-2018-11063

SOURCES
db:VULHUBid:VHN-120885
db:JVNDBid:JVNDB-2018-009205
db:CNNVDid:CNNVD-201808-280
db:NVDid:CVE-2018-11063

LAST UPDATE DATE
2024-11-23T21:38:26.487000+00:00

SOURCES UPDATE DATE
db:VULHUBid:VHN-120885date:2018-10-16T00:00:00
db:JVNDBid:JVNDB-2018-009205date:2018-11-12T00:00:00
db:CNNVDid:CNNVD-201808-280date:2018-08-13T00:00:00
db:NVDid:CVE-2018-11063date:2024-11-21T03:42:36.247

SOURCES RELEASE DATE
db:VULHUBid:VHN-120885date:2018-08-10T00:00:00
db:JVNDBid:JVNDB-2018-009205date:2018-11-12T00:00:00
db:CNNVDid:CNNVD-201808-280date:2018-08-13T00:00:00
db:NVDid:CVE-2018-11063date:2018-08-10T20:29:00.353