ID

VAR-201904-0308


CVE

CVE-2019-3720


TITLE

Dell EMC Open Manage System Administrator Path traversal vulnerability

Trust: 0.8

sources: JVNDB: JVNDB-2019-004181

DESCRIPTION

Dell EMC Open Manage System Administrator (OMSA) versions prior to 9.3.0 contain a Directory Traversal Vulnerability. A remote authenticated malicious user with admin privileges could potentially exploit this vulnerability to gain unauthorized access to the file system by exploiting insufficient sanitization of input parameters. Remote attackers may use a specially crafted request with directory-traversal sequences ('../') to retrieve arbitrary files from the affected system in the context of the application and cause a denial-of-service condition. OMSA supports online diagnosis, system operation detection, equipment management, etc. The vulnerability stems from a network system or product that fails to properly filter resources or special elements in file paths. An attacker could exploit this vulnerability to access locations outside of restricted directories.

Trust: 1.98

sources: NVD: CVE-2019-3720 // JVNDB: JVNDB-2019-004181 // BID: 108092 // VULHUB: VHN-155155

AFFECTED PRODUCTS

vendor: dell, model: emc openmanage server administrator, scope: lt, version: 9.3.0

Trust: 1.0

vendor: dell, model: openmanage server administrator, scope: lt, version: 9.3.0

Trust: 0.8

vendor: dell, model: emc open manage system administrator, scope: eq, version: 9.2

Trust: 0.3

vendor: dell, model: emc open manage system administrator, scope: ne, version: 9.3

Trust: 0.3

sources: BID: 108092 // JVNDB: JVNDB-2019-004181 // NVD: CVE-2019-3720

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov: CVE-2019-3720
value: MEDIUM

Trust: 1.0

security_alert@emc.com: CVE-2019-3720
value: MEDIUM

Trust: 1.0

NVD: CVE-2019-3720
value: MEDIUM

Trust: 0.8

CNNVD: CNNVD-201904-1206
value: MEDIUM

Trust: 0.6

VULHUB: VHN-155155
value: MEDIUM

Trust: 0.1

nvd@nist.gov: CVE-2019-3720
severity: MEDIUM
baseScore: 4.0
vectorString: AV:N/AC:L/AU:S/C:P/I:N/A:N
accessVector: NETWORK
accessComplexity: LOW
authentication: SINGLE
confidentialityImpact: PARTIAL
integrityImpact: NONE
availabilityImpact: NONE
exploitabilityScore: 8.0
impactScore: 2.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 1.8

VULHUB: VHN-155155
severity: MEDIUM
baseScore: 4.0
vectorString: AV:N/AC:L/AU:S/C:P/I:N/A:N
accessVector: NETWORK
accessComplexity: LOW
authentication: SINGLE
confidentialityImpact: PARTIAL
integrityImpact: NONE
availabilityImpact: NONE
exploitabilityScore: 8.0
impactScore: 2.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.1

security_alert@emc.com: CVE-2019-3720
baseSeverity: MEDIUM
baseScore: 4.9
vectorString: CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:N/A:N
attackVector: NETWORK
attackComplexity: LOW
privilegesRequired: HIGH
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: HIGH
integrityImpact: NONE
availabilityImpact: NONE
exploitabilityScore: 1.2
impactScore: 3.6
version: 3.0

Trust: 1.8

nvd@nist.gov: CVE-2019-3720
baseSeverity: MEDIUM
baseScore: 4.9
vectorString: CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:N/A:N
attackVector: NETWORK
attackComplexity: LOW
privilegesRequired: HIGH
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: HIGH
integrityImpact: NONE
availabilityImpact: NONE
exploitabilityScore: 1.2
impactScore: 3.6
version: 3.1

Trust: 1.0

sources: VULHUB: VHN-155155 // JVNDB: JVNDB-2019-004181 // CNNVD: CNNVD-201904-1206 // NVD: CVE-2019-3720 // NVD: CVE-2019-3720

PROBLEMTYPE DATA

problemtype: CWE-22

Trust: 1.9

sources: VULHUB: VHN-155155 // JVNDB: JVNDB-2019-004181 // NVD: CVE-2019-3720

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-201904-1206

TYPE

path traversal

Trust: 0.6

sources: CNNVD: CNNVD-201904-1206

CONFIGURATIONS

sources: JVNDB: JVNDB-2019-004181

PATCH

title: DSA-2019-060, url: https://www.dell.com/support/article/jp/ja/jpdhs1/sln316915/dsa-2019-060-dell-emc-open-manage-system-administrator-multiple-vulnerabilities?lang=en

Trust: 0.8

title: Dell EMC OpenManage System Administrator Repair measures for path traversal vulnerabilities, url: http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=92020

Trust: 0.6

sources: JVNDB: JVNDB-2019-004181 // CNNVD: CNNVD-201904-1206

EXTERNAL IDS

db: NVD, id: CVE-2019-3720

Trust: 2.8

db: BID, id: 108092

Trust: 2.8

db: JVNDB, id: JVNDB-2019-004181

Trust: 0.8

db: CNNVD, id: CNNVD-201904-1206

Trust: 0.7

db: NSFOCUS, id: 43190

Trust: 0.6

db: VULHUB, id: VHN-155155

Trust: 0.1

sources: VULHUB: VHN-155155 // BID: 108092 // JVNDB: JVNDB-2019-004181 // CNNVD: CNNVD-201904-1206 // NVD: CVE-2019-3720

REFERENCES

url: http://www.securityfocus.com/bid/108092

Trust: 3.1

url: https://www.dell.com/support/article/us/en/04/sln316915/dsa-2019-060-dell-emc-open-manage-system-administrator-multiple-vulnerabilities?lang=en

Trust: 1.7

url: https://nvd.nist.gov/vuln/detail/cve-2019-3720

Trust: 1.4

url: https://www.dellemc.com/en-us/index.htm

Trust: 0.9

url: https://www.dell.com/support/article/us/en/19/sln316915/dsa-2019-060-dell-emc-open-manage-system-administrator-multiple-vulnerabilities?lang=en

Trust: 0.9

url: https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2019-3720

Trust: 0.8

url: http://www.nsfocus.net/vulndb/43190

Trust: 0.6

sources: VULHUB: VHN-155155 // BID: 108092 // JVNDB: JVNDB-2019-004181 // CNNVD: CNNVD-201904-1206 // NVD: CVE-2019-3720

CREDITS

Harrison Neal and Murat Aydemir of Biznet Billisim A.S., Murat Aydemir of Biznet Billisim A.S.

Trust: 0.6

sources: CNNVD: CNNVD-201904-1206

SOURCES

db: VULHUB, id: VHN-155155
db: BID, id: 108092
db: JVNDB, id: JVNDB-2019-004181
db: CNNVD, id: CNNVD-201904-1206
db: NVD, id: CVE-2019-3720

LAST UPDATE DATE

2024-11-23T22:00:00.610000+00:00


SOURCES UPDATE DATE

db: VULHUB, id: VHN-155155, date: 2023-02-10T00:00:00
db: BID, id: 108092, date: 2019-04-24T00:00:00
db: JVNDB, id: JVNDB-2019-004181, date: 2019-05-28T00:00:00
db: CNNVD, id: CNNVD-201904-1206, date: 2019-10-10T00:00:00
db: NVD, id: CVE-2019-3720, date: 2024-11-21T04:42:24.053

SOURCES RELEASE DATE

db: VULHUB, id: VHN-155155, date: 2019-04-25T00:00:00
db: BID, id: 108092, date: 2019-04-24T00:00:00
db: JVNDB, id: JVNDB-2019-004181, date: 2019-05-28T00:00:00
db: CNNVD, id: CNNVD-201904-1206, date: 2019-04-25T00:00:00
db: NVD, id: CVE-2019-3720, date: 2019-04-25T21:29:00.637