Sign-up

ID

VAR-202004-1909


CVE

CVE-2020-5350


TITLE

Dell EMC Integrated Data Protection Appliance In OS Command injection vulnerabilities

Trust: 0.8

sources: JVNDB: JVNDB-2020-004601

DESCRIPTION

Dell EMC Integrated Data Protection Appliance versions 2.0, 2.1, 2.2, 2.3, 2.4 contain a command injection vulnerability in the ACM component. A remote authenticated malicious user with root privileges could inject parameters in the ACM component APIs that could lead to manipulation of passwords and execution of malicious commands on ACM component. (DoS) It may be put into a state. ACM is one of the application configuration management components. An attacker could exploit this vulnerability with specially crafted parameters to manipulate passwords and execute malicious commands

Trust: 1.71

sources: NVD: CVE-2020-5350 // JVNDB: JVNDB-2020-004601 // VULHUB: VHN-183475

AFFECTED PRODUCTS

vendor:dellmodel:emc integrated data protection appliancescope:eqversion:2.0

Trust: 1.8

vendor:dellmodel:emc integrated data protection appliancescope:eqversion:2.1

Trust: 1.8

vendor:dellmodel:emc integrated data protection appliancescope:eqversion:2.2

Trust: 1.8

vendor:dellmodel:emc integrated data protection appliancescope:eqversion:2.3

Trust: 1.8

vendor:dellmodel:emc integrated data protection appliancescope:eqversion:2.4

Trust: 1.8

sources: JVNDB: JVNDB-2020-004601 // NVD: CVE-2020-5350

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov: CVE-2020-5350
value: HIGH

Trust: 1.0

security_alert@emc.com: CVE-2020-5350
value: HIGH

Trust: 1.0

NVD: JVNDB-2020-004601
value: HIGH

Trust: 0.8

CNNVD: CNNVD-202004-1150
value: HIGH

Trust: 0.6

VULHUB: VHN-183475
value: HIGH

Trust: 0.1

nvd@nist.gov: CVE-2020-5350
severity: HIGH
baseScore: 9.0
vectorString: AV:N/AC:L/AU:S/C:C/I:C/A:C
accessVector: NETWORK
accessComplexity: LOW
authentication: SINGLE
confidentialityImpact: COMPLETE
integrityImpact: COMPLETE
availabilityImpact: COMPLETE
exploitabilityScore: 8.0
impactScore: 10.0
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 1.0

NVD: JVNDB-2020-004601
severity: HIGH
baseScore: 9.0
vectorString: AV:N/AC:L/AU:S/C:C/I:C/A:C
accessVector: NETWORK
accessComplexity: LOW
authentication: SINGLE
confidentialityImpact: COMPLETE
integrityImpact: COMPLETE
availabilityImpact: COMPLETE
exploitabilityScore: NONE
impactScore: NONE
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.8

VULHUB: VHN-183475
severity: HIGH
baseScore: 9.0
vectorString: AV:N/AC:L/AU:S/C:C/I:C/A:C
accessVector: NETWORK
accessComplexity: LOW
authentication: SINGLE
confidentialityImpact: COMPLETE
integrityImpact: COMPLETE
availabilityImpact: COMPLETE
exploitabilityScore: 8.0
impactScore: 10.0
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.1

nvd@nist.gov: CVE-2020-5350
baseSeverity: HIGH
baseScore: 7.2
vectorString: CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H
attackVector: NETWORK
attackComplexity: LOW
privilegesRequired: HIGH
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: HIGH
integrityImpact: HIGH
availabilityImpact: HIGH
exploitabilityScore: 1.2
impactScore: 5.9
version: 3.1

Trust: 1.0

security_alert@emc.com: CVE-2020-5350
baseSeverity: HIGH
baseScore: 7.9
vectorString: CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:C/C:H/I:L/A:H
attackVector: NETWORK
attackComplexity: HIGH
privilegesRequired: HIGH
userInteraction: NONE
scope: CHANGED
confidentialityImpact: HIGH
integrityImpact: LOW
availabilityImpact: HIGH
exploitabilityScore: 1.3
impactScore: 6.0
version: 3.1

Trust: 1.0

NVD: JVNDB-2020-004601
baseSeverity: HIGH
baseScore: 7.2
vectorString: CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H
attackVector: NETWORK
attackComplexity: LOW
privilegesRequired: HIGH
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: HIGH
integrityImpact: HIGH
availabilityImpact: HIGH
exploitabilityScore: NONE
impactScore: NONE
version: 3.0

Trust: 0.8

sources: VULHUB: VHN-183475 // JVNDB: JVNDB-2020-004601 // CNNVD: CNNVD-202004-1150 // NVD: CVE-2020-5350 // NVD: CVE-2020-5350

PROBLEMTYPE DATA

problemtype:CWE-78

Trust: 1.9

sources: VULHUB: VHN-183475 // JVNDB: JVNDB-2020-004601 // NVD: CVE-2020-5350

TYPE

operating system commend injection

Trust: 0.6

sources: CNNVD: CNNVD-202004-1150

CONFIGURATIONS

sources:
            
            
            JVNDB: JVNDB-2020-004601

PATCH
title:DSA-2020-079: Dell EMC Integrated Data Protection Appliance Command Injection Vulnerabilityurl:https://www.dell.com/support/security/en-us/details/542518/DSA-2020-079-Dell-EMC-Integrated-Data-Protection-Appliance-Command-Injection-Vulnerability
Trust: 0.8
title:Dell EMC Integrated Data Protection Appliance Fixes for operating system command injection vulnerabilitiesurl:http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=116042
Trust: 0.6
sources:
            
            
            JVNDB: JVNDB-2020-004601 // 
            
            
            
            CNNVD: CNNVD-202004-1150

EXTERNAL IDS
db:NVDid:CVE-2020-5350
Trust: 2.5
db:JVNDBid:JVNDB-2020-004601
Trust: 0.8
db:CNNVDid:CNNVD-202004-1150
Trust: 0.7
db:VULHUBid:VHN-183475
Trust: 0.1
sources:
            
            
            VULHUB: VHN-183475 // 
            
            
            
            JVNDB: JVNDB-2020-004601 // 
            
            
            
            CNNVD: CNNVD-202004-1150 // 
            
            
            
            NVD: CVE-2020-5350

REFERENCES
url:https://www.dell.com/support/security/en-us/details/542518/dsa-2020-079-dell-emc-integrated-data-protection-appliance-command-injection-vulnerability
Trust: 1.7
url:https://nvd.nist.gov/vuln/detail/cve-2020-5350
Trust: 1.4
url:https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2020-5350
Trust: 0.8
sources:
            
            
            VULHUB: VHN-183475 // 
            
            
            
            JVNDB: JVNDB-2020-004601 // 
            
            
            
            CNNVD: CNNVD-202004-1150 // 
            
            
            
            NVD: CVE-2020-5350

SOURCES
db:VULHUBid:VHN-183475
db:JVNDBid:JVNDB-2020-004601
db:CNNVDid:CNNVD-202004-1150
db:NVDid:CVE-2020-5350

LAST UPDATE DATE
2024-11-23T23:04:24.601000+00:00

SOURCES UPDATE DATE
db:VULHUBid:VHN-183475date:2020-04-23T00:00:00
db:JVNDBid:JVNDB-2020-004601date:2020-05-21T00:00:00
db:CNNVDid:CNNVD-202004-1150date:2020-04-20T00:00:00
db:NVDid:CVE-2020-5350date:2024-11-21T05:33:57.823

SOURCES RELEASE DATE
db:VULHUBid:VHN-183475date:2020-04-15T00:00:00
db:JVNDBid:JVNDB-2020-004601date:2020-05-21T00:00:00
db:CNNVDid:CNNVD-202004-1150date:2020-04-15T00:00:00
db:NVDid:CVE-2020-5350date:2020-04-15T18:15:15.693