Sign-up

ID

VAR-201809-0442


CVE

CVE-2018-11078


TITLE

Dell EMC VPlex GeoSynchrony Permissions vulnerability

Trust: 0.8

sources: JVNDB: JVNDB-2018-010724

DESCRIPTION

Dell EMC VPlex GeoSynchrony, versions prior to 6.1, contains an Insecure File Permissions vulnerability. A remote authenticated malicious user could read from VPN configuration files on and potentially author a MITM attack on the VPN traffic. Dell EMC VPlex GeoSynchrony Contains a permission vulnerability.Information is obtained, information is altered, and service operation is disrupted (DoS) There is a possibility of being put into a state. Dell EMC VPlex is a new generation of data storage platform for information movement and access within the data center, across data centers and between data centers of Dell; GeoSynchrony is a set of VPLEX operating system. A remote attacker could exploit this vulnerability to gain access to data on the target system and modify the data. Link to remedies: Please contact your local field representative to assist with the planning for the VPLEX upgrade which requires a Change Control Authorization (CCA). -----BEGIN PGP SIGNATURE----- iQIzBAEBCAAdFiEEP5nobPoCj3pTvhAZgSlofD2Yi6cFAluSaocACgkQgSlofD2Y i6c7rxAAo2FBxnrffBEhFs+yysuesMxd8f1Qep+C3GDtH759hcFSmiRCg3CDDWNs 2yniNrQLwNBtM/9qh0NX4x63HxOVVOsC0a2g+oPMHQjN6W+1Ql0eBFkFoFwCQpIZ +67znLrXaF4BMZJEF7nr9EZRkb/bUaR+mj7T1ih3dWKp+4jzNwqN/Cd+UL1QsqmE C2Now1sQjzkH0RlTq4dp4Y4WpiuYpO1cF7yAlqNmxHhkQZjx9BKWZ+1gBVpAr1Ge EeLkzcwtpayzM4XryZCvZjt2qA+GTxW/mRYOen62pKcWHjsNyALwqVWNshx2l27r run8/tUVuD998Bzc6P6QyUkokY73cBgvGa7Ca5SAmlxTHra9kenaF/IOQfp1tzQK mPW1esNalXP+HRRWIAFCC10F+H492OKsA4vUmJmks0oHQnLOTuzzQXCZWNh9zrLG T3jW4d58NKV9oml/+9a7czOMsTHvNzd+powS6C7KZLo4ltwuynP1Akgtwj1Calvj HRRRAhJEsG2w1AcfEB0SCr/JDP39S49nWgNWlhESjoPPyuWac9mH71EHQiIgPM+u GBk14E3RCbxP136zxOgYibDI8Z3w+yWkTs2x4dYCsVB1igocSdzwZJxUrsUAv/B8 nMKoYU+zx/jsC3WEopu4hO361t/w368VAmPLZP6x29wFqUS9K2o= =+3mo -----END PGP SIGNATURE-----

Trust: 1.8

sources: NVD: CVE-2018-11078 // JVNDB: JVNDB-2018-010724 // VULHUB: VHN-120901 // PACKETSTORM: 149276

AFFECTED PRODUCTS

vendor:dellmodel:emc vplex geosynchronyscope:ltversion:6.1

Trust: 1.8

sources: JVNDB: JVNDB-2018-010724 // NVD: CVE-2018-11078

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov: CVE-2018-11078
value: HIGH

Trust: 1.0

security_alert@emc.com: CVE-2018-11078
value: MEDIUM

Trust: 1.0

NVD: CVE-2018-11078
value: HIGH

Trust: 0.8

CNNVD: CNNVD-201809-433
value: HIGH

Trust: 0.6

VULHUB: VHN-120901
value: MEDIUM

Trust: 0.1

nvd@nist.gov: CVE-2018-11078
severity: MEDIUM
baseScore: 6.0
vectorString: AV:N/AC:M/AU:S/C:P/I:P/A:P
accessVector: NETWORK
accessComplexity: MEDIUM
authentication: SINGLE
confidentialityImpact: PARTIAL
integrityImpact: PARTIAL
availabilityImpact: PARTIAL
exploitabilityScore: 6.8
impactScore: 6.4
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 1.8

VULHUB: VHN-120901
severity: MEDIUM
baseScore: 6.0
vectorString: AV:N/AC:M/AU:S/C:P/I:P/A:P
accessVector: NETWORK
accessComplexity: MEDIUM
authentication: SINGLE
confidentialityImpact: PARTIAL
integrityImpact: PARTIAL
availabilityImpact: PARTIAL
exploitabilityScore: 6.8
impactScore: 6.4
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.1

nvd@nist.gov: CVE-2018-11078
baseSeverity: HIGH
baseScore: 7.5
vectorString: CVSS:3.0/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H
attackVector: NETWORK
attackComplexity: HIGH
privilegesRequired: LOW
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: HIGH
integrityImpact: HIGH
availabilityImpact: HIGH
exploitabilityScore: 1.6
impactScore: 5.9
version: 3.0

Trust: 1.8

security_alert@emc.com: CVE-2018-11078
baseSeverity: MEDIUM
baseScore: 4.0
vectorString: CVSS:3.0/AV:A/AC:H/PR:L/UI:R/S:C/C:L/I:L/A:N
attackVector: ADJACENT
attackComplexity: HIGH
privilegesRequired: LOW
userInteraction: REQUIRED
scope: CHANGED
confidentialityImpact: LOW
integrityImpact: LOW
availabilityImpact: NONE
exploitabilityScore: 0.9
impactScore: 2.7
version: 3.0

Trust: 1.0

sources: VULHUB: VHN-120901 // JVNDB: JVNDB-2018-010724 // CNNVD: CNNVD-201809-433 // NVD: CVE-2018-11078 // NVD: CVE-2018-11078

PROBLEMTYPE DATA

problemtype:CWE-732

Trust: 1.1

problemtype:CWE-275

Trust: 0.9

sources: VULHUB: VHN-120901 // JVNDB: JVNDB-2018-010724 // NVD: CVE-2018-11078

THREAT TYPE

remote

Trust: 0.7

sources: PACKETSTORM: 149276 // CNNVD: CNNVD-201809-433

TYPE

lack of information

Trust: 0.6

sources: CNNVD: CNNVD-201809-433

CONFIGURATIONS

sources:
            
            
            JVNDB: JVNDB-2018-010724

EXPLOIT AVAILABILITY
sources:
            
            
            VULHUB: VHN-120901

PATCH
title:Dell EMC VPLEXurl:https://www.dellemc.com/en-us/storage/vplex.htm#collapse
Trust: 0.8
title:Dell EMC VPlex GeoSynchrony Security vulnerabilitiesurl:http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=84723
Trust: 0.6
sources:
            
            
            JVNDB: JVNDB-2018-010724 // 
            
            
            
            CNNVD: CNNVD-201809-433

EXTERNAL IDS
db:NVDid:CVE-2018-11078
Trust: 2.6
db:SECTRACKid:1041613
Trust: 1.7
db:JVNDBid:JVNDB-2018-010724
Trust: 0.8
db:CNNVDid:CNNVD-201809-433
Trust: 0.6
db:PACKETSTORMid:149276
Trust: 0.2
db:VULHUBid:VHN-120901
Trust: 0.1
sources:
            
            
            VULHUB: VHN-120901 // 
            
            
            
            JVNDB: JVNDB-2018-010724 // 
            
            
            
            PACKETSTORM: 149276 // 
            
            
            
            CNNVD: CNNVD-201809-433 // 
            
            
            
            NVD: CVE-2018-11078

REFERENCES
url:https://seclists.org/fulldisclosure/2018/sep/10
Trust: 2.5
url:http://www.securitytracker.com/id/1041613
Trust: 1.7
url:https://nvd.nist.gov/vuln/detail/cve-2018-11078
Trust: 0.9
url:https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2018-11078
Trust: 0.8
sources:
            
            
            VULHUB: VHN-120901 // 
            
            
            
            JVNDB: JVNDB-2018-010724 // 
            
            
            
            PACKETSTORM: 149276 // 
            
            
            
            CNNVD: CNNVD-201809-433 // 
            
            
            
            NVD: CVE-2018-11078

SOURCES
db:VULHUBid:VHN-120901
db:JVNDBid:JVNDB-2018-010724
db:PACKETSTORMid:149276
db:CNNVDid:CNNVD-201809-433
db:NVDid:CVE-2018-11078

LAST UPDATE DATE
2024-11-23T23:02:01.326000+00:00

SOURCES UPDATE DATE
db:VULHUBid:VHN-120901date:2019-10-09T00:00:00
db:JVNDBid:JVNDB-2018-010724date:2018-12-20T00:00:00
db:CNNVDid:CNNVD-201809-433date:2019-10-17T00:00:00
db:NVDid:CVE-2018-11078date:2024-11-21T03:42:38.137

SOURCES RELEASE DATE
db:VULHUBid:VHN-120901date:2018-09-11T00:00:00
db:JVNDBid:JVNDB-2018-010724date:2018-12-20T00:00:00
db:PACKETSTORMid:149276date:2018-09-07T23:33:33
db:CNNVDid:CNNVD-201809-433date:2018-09-11T00:00:00
db:NVDid:CVE-2018-11078date:2018-09-11T19:29:01.520