Vulnerability Monitor

The vendors, products, and vulnerabilities you care about

CVE-2013-3270


EMC VNX Control Station before 7.1.70.2 and Celerra Control Station before 6.0.70.1 have an incorrect group ownership for unspecified script files, which allows local users to gain privileges by leveraging nasadmin group membership.


Published

2013-05-20T14:44:35.240

Last Modified

2025-04-11T00:51:21.963

Status

Deferred

Source

[email protected]

Severity

CVSSv2: 6.8 (MEDIUM)

CVSSv2 Vector

AV:L/AC:L/Au:S/C:C/I:C/A:C

  • Access Vector: LOCAL
  • Access Complexity: LOW
  • Authentication: SINGLE
  • Confidentiality Impact: COMPLETE
  • Integrity Impact: COMPLETE
  • Availability Impact: COMPLETE
Exploitability Score

3.1

Impact Score

10.0

Weaknesses
  • Type: Primary
    CWE-264

Affected Vendors & Products
Type Vendor Product Version/Range Vulnerable?
Application emc vnx_control_station ≤ 7.1.70.1 Yes
Hardware emc vnx 5100 No
Hardware emc vnx 5300 No
Hardware emc vnx 5500 No
Hardware emc vnx 5700 No
Hardware emc vnx 7500 No
Application emc celerra_control_station ≤ 6.0.70.0 Yes
Hardware emc vnx 5100 No
Hardware emc vnx 5300 No
Hardware emc vnx 5500 No
Hardware emc vnx 5700 No
Hardware emc vnx 7500 No

References