CVE-2019-3704

VNX Control Station in Dell EMC VNX2 OE for File versions prior to 8.1.9.236 contains OS command injection vulnerability. Due to inadequate restriction configured in sudores, a local authenticated malicious user could potentially execute arbitrary OS commands as root by exploiting this vulnerability.

Published : 2019-02-07 19:29 Updated : 2019-02-11 16:41

7.2
CVSS Score More info
Score 7.2 / 10
7.2

CPE

There is no CPE for this CVE.

CWE

ID Name Description Links
CWE-78 Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') The software constructs all or part of an OS command using externally-influenced input from an upstream component, but it does not neutralize or incorrectly neutralizes special elements that could modify the intended OS command when it is sent to a downstream component. CVE

History of changes

Date Event
2019-02-11 16:41
2019-02-11 11:29
2019-02-07 19:29

New CVE