CVE ID | CVE-2018-1162 |
CVSS SCORE | 8.5, AV:N/AC:L/Au:S/C:N/I:C/A:C |
AFFECTED VENDORS |
Quest |
AFFECTED PRODUCTS |
NetVault Backup |
VULNERABILITY DETAILS |
The specific flaw exists within the handling of Export requests. The issue results from the lack of proper validation of a user-supplied path prior to using it in file operations. An attacker can leverage this vulnerability to arbitrarily overwrite files resulting in a denial-of-service condition. |
ADDITIONAL DETAILS |
05/26/17 - ZDI wrote to Dell requesting a disclosure contact for the product This is now fixed with NetVault v11.4.5.15. -- Mitigation: |
DISCLOSURE TIMELINE |
|
CREDIT | rgod |