Overview
- Description
- Dell SmartFabric Storage Software v1.4 (and earlier) contain(s) an OS Command Injection Vulnerability in the CLI. An authenticated local attacker could potentially exploit this vulnerability, leading to possible injection of parameters to curl or docker.
- Source
- security_alert@emc.com
- NVD status
- Analyzed
Risk scores
CVSS 3.1
- Type
- Primary
- Base score
- 7.8
- Impact score
- 5.9
- Exploitability score
- 1.8
- Vector string
- CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
- Severity
- HIGH
Social media
- Hype score
- Not currently trending
Configurations
[
{
"nodes": [
{
"negate": false,
"cpeMatch": [
{
"criteria": "cpe:2.3:a:dell:smartfabric_storage_software:*:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "9BD8875C-3CAC-443C-A6B5-FE7F702B5DFD",
"versionEndExcluding": "1.4.1"
}
],
"operator": "OR"
}
]
}
]