CVE-2018-11053 MEDIUM

CVE-2018-11053: iSM: Dell EMC iDRAC Service Module Improper File Permission Vulnerability

Vendor: Dell EMC
Product: iDRAC Service Module
Published: June 26, 2018
Last update: September 16, 2024

CVSS base score

6.6/10
Attack vector: Local
Attack complexity: High
Privileges required: Low
User interaction: Required
Confidentiality: Low
Integrity: Low

CVSS vector

CVSS:3.0/AV:L/AC:H/PR:L/UI:R/S:C/C:L/I:L/A:H

What the vulnerability does

01 Description

Dell EMC iDRAC Service Module for all supported Linux and XenServer versions v3.0.1, v3.0.2, v3.1.0, v3.2.0, when started, changes the default file permission of the hosts file of the host operating system (/etc/hosts) to world-writable. A malicious low-privileged operating system user or process could modify the hosts file and potentially redirect traffic from the intended destination to sites hosting malicious or unwanted content.

Key dates

02 Disclosure timeline

June 26, 2018: CVE published
September 16, 2024: Record updated