← back
CVE-2019-3704

CVE-2019-3704

CVSS 7.8 HIGHEPSS 0.9%
Vexday Risk Score
21Low
SSVC decision (CISA)
Track
No exploitation signal → monitor
CVSS 7.8EPSS 0.9%KEV nãoPoC Nuclei Metasploit Patch
Lifecycle
07 Feb 2019Published on NVD
Recommendation: Monitor — no exploitation signal at the moment.
VNX Control Station in Dell EMC VNX2 OE for File versions prior to 8.1.9.236 contains OS command injection vulnerability. Due to inadequate restriction configured in sudores, a local authenticated malicious user could potentially execute arbitrary OS commands as root by exploiting this vulnerability.
CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
Affected products
Dell EMC · VNX Control Station in Dell EMC VNX2 OE for File

Want to know if your infrastructure is exposed to this?

Talk to TrueHacking →
References
https://seclists.org/fulldisclosure/2019/Feb/8http://www.securityfocus.com/bid/106954