ID CVE-2018-11063
Summary Dell WMS versions 1.1 and prior are impacted by multiple unquoted service path vulnerabilities. Affected software installs multiple services incorrectly by specifying the paths to the service executables without quotes. This could potentially allow a low-privileged local user to execute arbitrary executables with elevated privileges.
References
Vulnerable Configurations
  • cpe:2.3:a:dell:wyse_management_suite:*:*:*:*:pro:*:*:*
  • cpe:2.3:a:dell:wyse_management_suite:*:*:*:*:standard:*:*:*
CVSS
Base: 4.6 (as of 16-10-2018 - 17:09)
Impact:
Exploitability:
CWE CWE-428
CAPEC
Access
Vector: LOCAL
Complexity: LOW
Authentication: NONE
Impact
Confidentiality: PARTIAL
Integrity: PARTIAL
Availability: PARTIAL
cvss-vector via4 AV:L/AC:L/Au:N/C:P/I:P/A:P
refmap via4
misc https://www.dell.com/support/article/us/en/19/sln313398/dell-wyse-management-suite-multiple-unquoted-service-path-vulnerabilities?lang=en
Last major update 16-10-2018 - 17:09
Published 10-08-2018 - 20:29
Last modified 16-10-2018 - 17:09