ID

VAR-201907-0095


CVE

CVE-2019-3741


TITLE

Dell EMC Unity and UnityVSA protection mechanism vulnerability

Trust: 0.8

sources: JVNDB: JVNDB-2019-006739

DESCRIPTION

Dell EMC Unity and UnityVSA versions prior to 5.0.0.0.5.116 contain a plain-text password storage vulnerability. A Unisphere user's (including the admin privilege user) password is stored in plain text in the Unity Data Collection bundle (log files for troubleshooting). A local authenticated attacker with access to the Data Collection bundle may use the exposed password to gain access with the privileges of the compromised user. Dell EMC Unity and UnityVSA contain a vulnerability related to failure of the protection mechanism. Information may be obtained or altered, and service operation may be disrupted (DoS). An attacker may leverage these issues to bypass certain security restrictions and obtain sensitive information; this may aid in launching further attacks. UnityVSA is a virtual Unity storage environment.

Trust: 1.98

sources: NVD: CVE-2019-3741 // JVNDB: JVNDB-2019-006739 // BID: 109309 // VULHUB: VHN-155176

AFFECTED PRODUCTS

vendor: dell, model: emc unity operating environment, scope: lt, version: 5.0.0.0.5.116

Trust: 1.8

vendor: dell, model: emc unityvsa operating environment, scope: lt, version: 5.0.0.0.5.116

Trust: 1.8

vendor: dell, model: emc unityvsa operating environment, scope: eq, version: 0

Trust: 0.3

vendor: dell, model: emc unity operating environment, scope: eq, version: 0

Trust: 0.3

vendor: dell, model: emc unityvsa operating environment, scope: ne, version: 5.0.0.0.5.116

Trust: 0.3

vendor: dell, model: emc unity operating environment, scope: ne, version: 5.0.0.0.5.116

Trust: 0.3

sources: BID: 109309 // JVNDB: JVNDB-2019-006739 // NVD: CVE-2019-3741

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov: CVE-2019-3741
value: HIGH

Trust: 1.0

security_alert@emc.com: CVE-2019-3741
value: HIGH

Trust: 1.0

NVD: CVE-2019-3741
value: HIGH

Trust: 0.8

CNNVD: CNNVD-201907-1080
value: HIGH

Trust: 0.6

VULHUB: VHN-155176
value: LOW

Trust: 0.1

nvd@nist.gov: CVE-2019-3741
severity: LOW
baseScore: 2.1
vectorString: AV:L/AC:L/AU:N/C:P/I:N/A:N
accessVector: LOCAL
accessComplexity: LOW
authentication: NONE
confidentialityImpact: PARTIAL
integrityImpact: NONE
availabilityImpact: NONE
exploitabilityScore: 3.9
impactScore: 2.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 1.8

VULHUB: VHN-155176
severity: LOW
baseScore: 2.1
vectorString: AV:L/AC:L/AU:N/C:P/I:N/A:N
accessVector: LOCAL
accessComplexity: LOW
authentication: NONE
confidentialityImpact: PARTIAL
integrityImpact: NONE
availabilityImpact: NONE
exploitabilityScore: 3.9
impactScore: 2.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.1

nvd@nist.gov: CVE-2019-3741
baseSeverity: HIGH
baseScore: 7.8
vectorString: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
attackVector: LOCAL
attackComplexity: LOW
privilegesRequired: LOW
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: HIGH
integrityImpact: HIGH
availabilityImpact: HIGH
exploitabilityScore: 1.8
impactScore: 5.9
version: 3.0

Trust: 2.8

sources: VULHUB: VHN-155176 // JVNDB: JVNDB-2019-006739 // CNNVD: CNNVD-201907-1080 // NVD: CVE-2019-3741 // NVD: CVE-2019-3741

PROBLEMTYPE DATA

problemtype:CWE-693

Trust: 1.9

sources: VULHUB: VHN-155176 // JVNDB: JVNDB-2019-006739 // NVD: CVE-2019-3741

THREAT TYPE

local

Trust: 0.6

sources: CNNVD: CNNVD-201907-1080

TYPE

other

Trust: 0.6

sources: CNNVD: CNNVD-201907-1080

CONFIGURATIONS

sources: JVNDB: JVNDB-2019-006739

PATCH

title: An Introduction to Unity Software | Dell EMC US, url: https://www.dellemc.com/en-us/documentation/unity-family/unity-p-software-upgrades/01-unity-upg-br-introduction.htm

Trust: 0.8

title: Dell EMC UnityVSA, url: https://www.dellemc.com/en-us/products-solutions/trial-software-download/unity-vsa.htm

Trust: 0.8

title: Dell EMC Unity and UnityVSA Security vulnerabilities, url: http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=95094

Trust: 0.6

sources: JVNDB: JVNDB-2019-006739 // CNNVD: CNNVD-201907-1080

EXTERNAL IDS

db: NVD, id: CVE-2019-3741

Trust: 2.8

db: JVNDB, id: JVNDB-2019-006739

Trust: 0.8

db: CNNVD, id: CNNVD-201907-1080

Trust: 0.7

db: BID, id: 109309

Trust: 0.3

db: VULHUB, id: VHN-155176

Trust: 0.1

sources: VULHUB: VHN-155176 // BID: 109309 // JVNDB: JVNDB-2019-006739 // CNNVD: CNNVD-201907-1080 // NVD: CVE-2019-3741

REFERENCES

url:https://productsecurity-ux.ausmp1z1.pcf.dell.com/support/security/us/en/04/details/535028/dsa-2019-086-dell-emc-unity-family-multiple-vulnerabilities

Trust: 1.7

url:https://nvd.nist.gov/vuln/detail/cve-2019-3741

Trust: 1.4

url:https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2019-3741

Trust: 0.8

url:http://dell.com

Trust: 0.3

url:https://www.dell.com/support/security/us/en/19/details/535028/dsa-2019-086-dell-emc-unity-family-multiple-vulnerabilities

Trust: 0.3

sources: VULHUB: VHN-155176 // BID: 109309 // JVNDB: JVNDB-2019-006739 // CNNVD: CNNVD-201907-1080 // NVD: CVE-2019-3741

CREDITS

The vendor reported these issues.

Trust: 0.3

sources: BID: 109309

SOURCES

db: VULHUB, id: VHN-155176
db: BID, id: 109309
db: JVNDB, id: JVNDB-2019-006739
db: CNNVD, id: CNNVD-201907-1080
db: NVD, id: CVE-2019-3741

LAST UPDATE DATE

2024-11-23T21:59:50.496000+00:00


SOURCES UPDATE DATE

db: VULHUB, id: VHN-155176, date: 2020-02-10T00:00:00
db: BID, id: 109309, date: 2019-06-27T00:00:00
db: JVNDB, id: JVNDB-2019-006739, date: 2019-07-26T00:00:00
db: CNNVD, id: CNNVD-201907-1080, date: 2020-02-12T00:00:00
db: NVD, id: CVE-2019-3741, date: 2024-11-21T04:42:26.880

SOURCES RELEASE DATE

db: VULHUB, id: VHN-155176, date: 2019-07-18T00:00:00
db: BID, id: 109309, date: 2019-06-27T00:00:00
db: JVNDB, id: JVNDB-2019-006739, date: 2019-07-26T00:00:00
db: CNNVD, id: CNNVD-201907-1080, date: 2019-07-18T00:00:00
db: NVD, id: CVE-2019-3741, date: 2019-07-18T16:15:12.470