Dell EMC Open Manage System Administrator up to 9.2.x directory traversal – Digitalmunition




Exploit/Advisories Cybersecurity study of the dark web exposes vulnerability to machine identities -- ScienceDaily

Published on April 26th, 2019 📆 | 1521 Views ⚑

0

Dell EMC Open Manage System Administrator up to 9.2.x directory traversal

CVSS Meta Temp ScoreCurrent Exploit Price (≈)
6.0$0-$5k

A vulnerability was found in Dell EMC Open Manage System Administrator up to 9.2.x. It has been declared as critical. Affected by this vulnerability is a code block. The manipulation with an unknown input leads to a directory traversal vulnerability. The CWE definition for the vulnerability is CWE-22. As an impact it is known to affect confidentiality, integrity, and availability.

The weakness was disclosed 04/25/2019. This vulnerability is known as CVE-2019-3720 since 01/03/2019. The attack can be launched remotely. A single authentication is required for exploitation. The technical details are unknown and an exploit is not publicly available. The pricing for an exploit might be around USD $0-$5k at the moment (estimation calculated on 04/26/2019).

Upgrading to version 9.3.0 eliminates this vulnerability.

The entries 134108 are pretty similar.

Vendor

Name

VulDB Meta Base Score: 6.3
VulDB Meta Temp Score: 6.0

VulDB Base Score: 6.3
VulDB Temp Score: 6.0
VulDB Vector: ?
VulDB Reliability: ?

AVACAuCIA
??????
??????
??????
VectorComplexityAuthenticationConfidentialityIntegrityAvailability
unlockunlockunlockunlockunlockunlock
unlockunlockunlockunlockunlockunlock
unlockunlockunlockunlockunlockunlock


VulDB Base Score: ?
VulDB Temp Score: ?
VulDB Reliability: ?
Class: Directory traversal (CWE-22)
Local: No
Remote: Yes

Availability: ?
Status: Not defined

Price Prediction: ?
Current Price Estimation: ?

Threat Intelligenceinfoedit

Threat: ?
Adversaries: ?
Geopolitics: ?
Economy: ?
Predictions: ?
Remediation: ?Recommended: Upgrade
Status: ?
0-Day Time: ?

Upgrade: Open Manage System Administrator 9.3.0

01/03/2019 CVE assigned
04/25/2019 +112 days Advisory disclosed
04/26/2019 +1 days VulDB entry created
04/26/2019 +0 days VulDB last updateCVE: CVE-2019-3720 (?)
See also: ?Created: 04/26/2019 08:23 AM
Complete: ?

Comments

No comments yet. Please log in to comment.

Upgrade your account now!

https://vuldb.com/?id.134107

Tagged with:



Leave a Reply

Your email address will not be published. Required fields are marked *


loading...