ID

VAR-201909-1525


CVE

CVE-2019-3736


TITLE

Dell EMC Integrated Data Protection Appliance Vulnerable to information leak from cache

Trust: 0.8

sources: JVNDB: JVNDB-2019-009954

DESCRIPTION

Dell EMC Integrated Data Protection Appliance versions prior to 2.3 contain a password storage vulnerability in the ACM component. A remote authenticated malicious user with root privileges may potentially use a support tool to decrypt encrypted passwords stored locally on the system and use them to access other components using the privileges of the compromised user. ACM is one of the application configuration management components.

Trust: 1.71

sources: NVD: CVE-2019-3736 // JVNDB: JVNDB-2019-009954 // VULHUB: VHN-155171

AFFECTED PRODUCTS

vendor: dell
model: emc integrated data protection appliance
scope: eq
version: 2.1

Trust: 1.0

vendor: dell
model: emc integrated data protection appliance
scope: eq
version: 2.2

Trust: 1.0

vendor: dell
model: emc integrated data protection appliance
scope: eq
version: 2.0

Trust: 1.0

vendor: dell emc old emc
model: integrated data protection appliance
scope: lt
version: 2.3

Trust: 0.8

sources: JVNDB: JVNDB-2019-009954 // NVD: CVE-2019-3736

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov: CVE-2019-3736
value: HIGH

Trust: 1.0

security_alert@emc.com: CVE-2019-3736
value: HIGH

Trust: 1.0

NVD: CVE-2019-3736
value: HIGH

Trust: 0.8

CNNVD: CNNVD-201909-1308
value: HIGH

Trust: 0.6

VULHUB: VHN-155171
value: MEDIUM

Trust: 0.1

nvd@nist.gov: CVE-2019-3736
severity: MEDIUM
baseScore: 4.0
vectorString: AV:N/AC:L/AU:S/C:P/I:N/A:N
accessVector: NETWORK
accessComplexity: LOW
authentication: SINGLE
confidentialityImpact: PARTIAL
integrityImpact: NONE
availabilityImpact: NONE
exploitabilityScore: 8.0
impactScore: 2.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 1.8

VULHUB: VHN-155171
severity: MEDIUM
baseScore: 4.0
vectorString: AV:N/AC:L/AU:S/C:P/I:N/A:N
accessVector: NETWORK
accessComplexity: LOW
authentication: SINGLE
confidentialityImpact: PARTIAL
integrityImpact: NONE
availabilityImpact: NONE
exploitabilityScore: 8.0
impactScore: 2.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.1

nvd@nist.gov: CVE-2019-3736
baseSeverity: HIGH
baseScore: 7.2
vectorString: CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H
attackVector: NETWORK
attackComplexity: LOW
privilegesRequired: HIGH
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: HIGH
integrityImpact: HIGH
availabilityImpact: HIGH
exploitabilityScore: 1.2
impactScore: 5.9
version: 3.1

Trust: 1.0

security_alert@emc.com: CVE-2019-3736
baseSeverity: HIGH
baseScore: 8.2
vectorString: CVSS:3.0/AV:L/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:H
attackVector: LOCAL
attackComplexity: LOW
privilegesRequired: HIGH
userInteraction: NONE
scope: CHANGED
confidentialityImpact: HIGH
integrityImpact: HIGH
availabilityImpact: HIGH
exploitabilityScore: 1.5
impactScore: 6.0
version: 3.0

Trust: 1.0

NVD: CVE-2019-3736
baseSeverity: HIGH
baseScore: 7.2
vectorString: CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H
attackVector: NETWORK
attackComplexity: LOW
privilegesRequired: HIGH
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: HIGH
integrityImpact: HIGH
availabilityImpact: HIGH
exploitabilityScore: NONE
impactScore: NONE
version: 3.0

Trust: 0.8

sources: VULHUB: VHN-155171 // JVNDB: JVNDB-2019-009954 // CNNVD: CNNVD-201909-1308 // NVD: CVE-2019-3736 // NVD: CVE-2019-3736

PROBLEMTYPE DATA

problemtype:CWE-327

Trust: 1.1

problemtype:CWE-257

Trust: 1.0

problemtype:CWE-522

Trust: 0.9

sources: VULHUB: VHN-155171 // JVNDB: JVNDB-2019-009954 // NVD: CVE-2019-3736

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-201909-1308

TYPE

encryption problem

Trust: 0.6

sources: CNNVD: CNNVD-201909-1308

CONFIGURATIONS

sources: JVNDB: JVNDB-2019-009954

PATCH

title: DSA-2019-112: Dell EMC Integrated Data Protection Appliance Multiple Vulnerabilities
url: https://www.dell.com/support/security/ja-jp/details/536363/DSA-2019-112-Dell-EMC-Integrated-Data-Protection-Appliance-Multiple-Vulnerabilities

Trust: 0.8

title: Dell EMC Integrated Data Protection Appliance ACM Fixes for component security vulnerabilities
url: http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=98700

Trust: 0.6

sources: JVNDB: JVNDB-2019-009954 // CNNVD: CNNVD-201909-1308

EXTERNAL IDS

db: NVD, id: CVE-2019-3736

Trust: 2.5

db: JVNDB, id: JVNDB-2019-009954

Trust: 0.8

db: CNNVD, id: CNNVD-201909-1308

Trust: 0.7

db: VULHUB, id: VHN-155171

Trust: 0.1

sources: VULHUB: VHN-155171 // JVNDB: JVNDB-2019-009954 // CNNVD: CNNVD-201909-1308 // NVD: CVE-2019-3736

REFERENCES

url:https://www.dell.com/support/security/en-us/details/536363/dsa-2019-112-dell-emc-integrated-data-protection-appliance-multiple-vulnerabilities

Trust: 1.7

url:https://nvd.nist.gov/vuln/detail/cve-2019-3736

Trust: 1.4

url:https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2019-3736

Trust: 0.8

sources: VULHUB: VHN-155171 // JVNDB: JVNDB-2019-009954 // CNNVD: CNNVD-201909-1308 // NVD: CVE-2019-3736

SOURCES

db: VULHUB, id: VHN-155171
db: JVNDB, id: JVNDB-2019-009954
db: CNNVD, id: CNNVD-201909-1308
db: NVD, id: CVE-2019-3736

LAST UPDATE DATE

2024-11-23T22:25:46.105000+00:00


SOURCES UPDATE DATE

db: VULHUB, id: VHN-155171, date: 2021-11-02T00:00:00
db: JVNDB, id: JVNDB-2019-009954, date: 2019-10-02T00:00:00
db: CNNVD, id: CNNVD-201909-1308, date: 2021-11-03T00:00:00
db: NVD, id: CVE-2019-3736, date: 2024-11-21T04:42:26.043

SOURCES RELEASE DATE

db: VULHUB, id: VHN-155171, date: 2019-09-27T00:00:00
db: JVNDB, id: JVNDB-2019-009954, date: 2019-10-02T00:00:00
db: CNNVD, id: CNNVD-201909-1308, date: 2019-09-27T00:00:00
db: NVD, id: CVE-2019-3736, date: 2019-09-27T21:15:10.080