CVE-2018-11052

EUVD-2018-3096
Dell EMC ECS versions 3.2.0.0 and 3.2.0.1 contain an authentication bypass vulnerability. A remote unauthenticated attacker could exploit this vulnerability to read and modify S3 objects by supplying specially crafted S3 requests.
ProviderTypeBase ScoreAtk. VectorAtk. ComplexityPriv. RequiredVector
NISTPrimary
9.8 CRITICAL
NETWORK
LOW
NONE
CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
dellCNA
9.8 CRITICAL
NETWORK
LOW
NONE
CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Base Score
CVSS 3.x
EPSS Score
Percentile: 90%
Affected Products (NVD)
VendorProductVersion
dellemcelastic_cloud_storage
3.2.0.0
dellemcelastic_cloud_storage
3.2.0.1
𝑥
= Vulnerable software versions
Common Weakness Enumeration
References
http://seclists.org/fulldisclosure/2018/Jul/1
http://www.securityfocus.com/bid/104660
http://seclists.org/fulldisclosure/2018/Jul/1
http://www.securityfocus.com/bid/104660