CVE-2018-1250
 
Severity Score
Exploit Likelihood
Affected Versions
Public Exploits
0Exploited in Wild
-Decision
Descriptions
Dell EMC Unity and UnityVSA versions prior to 4.3.1.1525703027 contains an Authorization Bypass vulnerability. A remote authenticated user could potentially exploit this vulnerability to read files in NAS server by directly interacting with certain APIs of Unity OE, bypassing Role-Based Authorization control implemented only in Unisphere GUI.
Dell EMC Unity y UnityVSA en versiones anteriores a la 4.3.1.1525703027 contiene una vulnerabilidad de omisión de autenticación. Un usuario autenticado remoto podría explotar esta vulnerabilidad para leer archivos en el servidor NAS interactuando directamente con ciertas API de Unity OE, omitiendo el control de autorización basado en roles implementado solo en la interfaz gráfica de usuario de Unisphere.
CVSS Scores
SSVC
- Decision:-
Timeline
- 2017-12-06 CVE Reserved
- 2018-09-19 CVE Published
- 2024-07-03 EPSS Updated
- 2024-09-17 CVE Updated
- ---------- Exploited in Wild
- ---------- KEV Due Date
- ---------- First Exploit
CWE
- CWE-863: Incorrect Authorization
CAPEC
References (1)
URL | Tag | Source |
---|---|---|
https://seclists.org/fulldisclosure/2018/Sep/30 | Mailing List |
URL | Date | SRC |
---|
URL | Date | SRC |
---|
URL | Date | SRC |
---|
Affected Vendors, Products, and Versions
Vendor | Product | Version | Other | Status | ||||||
---|---|---|---|---|---|---|---|---|---|---|
Vendor | Product | Version | Other | Status | <-- --> | Vendor | Product | Version | Other | Status |
Dell Search vendor "Dell" | Emc Unity Firmware Search vendor "Dell" for product "Emc Unity Firmware" | < 4.3.1.1525703027 Search vendor "Dell" for product "Emc Unity Firmware" and version " < 4.3.1.1525703027" | - |
Affected
| in | Dell Search vendor "Dell" | Emc Unity Search vendor "Dell" for product "Emc Unity" | - | - |
Safe
|
Dell Search vendor "Dell" | Emc Unityvsa Search vendor "Dell" for product "Emc Unityvsa" | < 4.3.1.1525703027 Search vendor "Dell" for product "Emc Unityvsa" and version " < 4.3.1.1525703027" | - |
Affected
|