VNX Control Station in Dell EMC VNX2 OE for File versions prior to contains OS command injection vulnerability. Due to inadequate restriction configured in sudores, a local authenticated malicious user could potentially execute arbitrary OS commands as root by exploiting this vulnerability.

Published : 2019-02-07 19:29 Updated : 2019-02-11 16:41

CVSS Score More info
Score 7.2 / 10


There is no CPE for this CVE.


ID Name Description Links
CWE-78 Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') The software constructs all or part of an OS command using externally-influenced input from an upstream component, but it does not neutralize or incorrectly neutralizes special elements that could modify the intended OS command when it is sent to a downstream component. CVE

History of changes

Date Event
2019-02-11 16:41
2019-02-11 11:29
2019-02-07 19:29