Details of VAR-202101-0512

ID

VAR-202101-0512

CVE

CVE-2020-29489

TITLE

plural Dell EMC Vulnerability in plaintext storage of important information in products

Trust: 0.8

sources: JVNDB: JVNDB-2020-015388

DESCRIPTION

Dell EMC Unity, Unity XT, and UnityVSA versions prior to 5.0.4.0.5.012 contains a plain-text password storage vulnerability. A user credentials (including the Unisphere admin privilege user) password is stored in a plain text in a system file. A local authenticated attacker with access to the system files may use the exposed password to gain access with the privileges of the compromised user. DELL Dell EMC Unity and UnityVSA are both products of Dell (DELL). UnityVSA is a virtual Unity storage environment

Trust: 1.71

sources: NVD: CVE-2020-29489 // JVNDB: JVNDB-2020-015388 // VULHUB: VHN-376193

AFFECTED PRODUCTS

vendor:	dell	model:	emc unity xt operating environment	scope:	lt	version:	5.0.4.0.5.012	Trust: 1.0
vendor:	dell	model:	emc unity operating environment	scope:	lt	version:	5.0.4.0.5.012	Trust: 1.0
vendor:	dell	model:	emc unity vsa operating environment	scope:	lt	version:	5.0.4.0.5.012	Trust: 1.0
vendor:	デル	model:	dell emc unityvsa operating environment	scope:	eq	version:	5.0.4.0.5.012	Trust: 0.8
vendor:	デル	model:	dell emc unity xt operating environment	scope:	-	version:	-	Trust: 0.8
vendor:	デル	model:	dell emc unity operating environment	scope:	-	version:	-	Trust: 0.8

sources: JVNDB: JVNDB-2020-015388 // NVD: CVE-2020-29489

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov:	CVE-2020-29489
value:	MEDIUM
Trust: 1.0
security_alert@emc.com:	CVE-2020-29489
value:	MEDIUM
Trust: 1.0
NVD:	CVE-2020-29489
value:	MEDIUM
Trust: 0.8
CNNVD:	CNNVD-202101-295
value:	MEDIUM
Trust: 0.6
VULHUB:	VHN-376193
value:	MEDIUM
Trust: 0.1

nvd@nist.gov:	CVE-2020-29489
severity:	MEDIUM
baseScore:	4.6
vectorString:	AV:L/AC:L/AU:N/C:P/I:P/A:P
accessVector:	LOCAL
accessComplexity:	LOW
authentication:	NONE
confidentialityImpact:	PARTIAL
integrityImpact:	PARTIAL
availabilityImpact:	PARTIAL
exploitabilityScore:	3.9
impactScore:	6.4
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 1.8
VULHUB:	VHN-376193
severity:	MEDIUM
baseScore:	4.6
vectorString:	AV:L/AC:L/AU:N/C:P/I:P/A:P
accessVector:	LOCAL
accessComplexity:	LOW
authentication:	NONE
confidentialityImpact:	PARTIAL
integrityImpact:	PARTIAL
availabilityImpact:	PARTIAL
exploitabilityScore:	3.9
impactScore:	6.4
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 0.1

nvd@nist.gov:	CVE-2020-29489
baseSeverity:	MEDIUM
baseScore:	6.7
vectorString:	CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H
attackVector:	LOCAL
attackComplexity:	LOW
privilegesRequired:	HIGH
userInteraction:	NONE
scope:	UNCHANGED
confidentialityImpact:	HIGH
integrityImpact:	HIGH
availabilityImpact:	HIGH
exploitabilityScore:	0.8
impactScore:	5.9
version:	3.1
Trust: 1.0
security_alert@emc.com:	CVE-2020-29489
baseSeverity:	MEDIUM
baseScore:	6.4
vectorString:	CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:U/C:H/I:H/A:H
attackVector:	LOCAL
attackComplexity:	HIGH
privilegesRequired:	HIGH
userInteraction:	NONE
scope:	UNCHANGED
confidentialityImpact:	HIGH
integrityImpact:	HIGH
availabilityImpact:	HIGH
exploitabilityScore:	0.5
impactScore:	5.9
version:	3.1
Trust: 1.0
NVD:	CVE-2020-29489
baseSeverity:	MEDIUM
baseScore:	6.7
vectorString:	CVSS:3.0/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H
attackVector:	LOCAL
attackComplexity:	LOW
privilegesRequired:	HIGH
userInteraction:	NONE
scope:	UNCHANGED
confidentialityImpact:	HIGH
integrityImpact:	HIGH
availabilityImpact:	HIGH
exploitabilityScore:	NONE
impactScore:	NONE
version:	3.0
Trust: 0.8

sources: VULHUB: VHN-376193 // JVNDB: JVNDB-2020-015388 // CNNVD: CNNVD-202101-295 // NVD: CVE-2020-29489 // NVD: CVE-2020-29489

PROBLEMTYPE DATA

problemtype:	CWE-312	Trust: 1.1
problemtype:	CWE-276	Trust: 1.0
problemtype:	Plaintext storage of important information (CWE-312) [NVD Evaluation ]	Trust: 0.8

sources: VULHUB: VHN-376193 // JVNDB: JVNDB-2020-015388 // NVD: CVE-2020-29489

THREAT TYPE

local

Trust: 0.6

sources: CNNVD: CNNVD-202101-295

TYPE

other

Trust: 0.6

sources: CNNVD: CNNVD-202101-295

PATCH

title:	DSA-2020-276	url:	https://www.dell.com/support/kbdoc/ja-jp/000181248/dsa-2020-276-dell-emc-unity-security-update-for-multiple-vulnerabilitiesdsa-2020-276-dell-emc-unity-security-update-for-multiple-vulnerabilities	Trust: 0.8
title:	Dell EMC Unity,UnityVSA Security vulnerabilities	url:	http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=138446	Trust: 0.6

sources: JVNDB: JVNDB-2020-015388 // CNNVD: CNNVD-202101-295

EXTERNAL IDS

db:	NVD	id:	CVE-2020-29489	Trust: 2.5
db:	JVNDB	id:	JVNDB-2020-015388	Trust: 0.8
db:	CNNVD	id:	CNNVD-202101-295	Trust: 0.6
db:	VULHUB	id:	VHN-376193	Trust: 0.1

sources: VULHUB: VHN-376193 // JVNDB: JVNDB-2020-015388 // CNNVD: CNNVD-202101-295 // NVD: CVE-2020-29489

REFERENCES

url:	https://www.dell.com/support/kbdoc/000181248	Trust: 1.7
url:	https://nvd.nist.gov/vuln/detail/cve-2020-29489	Trust: 1.4

sources: VULHUB: VHN-376193 // JVNDB: JVNDB-2020-015388 // CNNVD: CNNVD-202101-295 // NVD: CVE-2020-29489

SOURCES

db:	VULHUB	id:	VHN-376193
db:	JVNDB	id:	JVNDB-2020-015388
db:	CNNVD	id:	CNNVD-202101-295
db:	NVD	id:	CVE-2020-29489

LAST UPDATE DATE

2024-11-23T22:47:43.907000+00:00

SOURCES UPDATE DATE

db:	VULHUB	id:	VHN-376193	date:	2021-01-12T00:00:00
db:	JVNDB	id:	JVNDB-2020-015388	date:	2021-09-21T07:17:00
db:	CNNVD	id:	CNNVD-202101-295	date:	2021-01-20T00:00:00
db:	NVD	id:	CVE-2020-29489	date:	2024-11-21T05:24:05.827

SOURCES RELEASE DATE

db:	VULHUB	id:	VHN-376193	date:	2021-01-05T00:00:00
db:	JVNDB	id:	JVNDB-2020-015388	date:	2021-09-21T00:00:00
db:	CNNVD	id:	CNNVD-202101-295	date:	2021-01-05T00:00:00
db:	NVD	id:	CVE-2020-29489	date:	2021-01-05T22:15:13.877