ID

VAR-201907-0245


CVE

CVE-2019-3734


TITLE

Dell EMC Unity and UnityVSA Authorization vulnerability

Trust: 0.8

sources: JVNDB: JVNDB-2019-006738

DESCRIPTION

Dell EMC Unity and UnityVSA versions prior to 5.0.0.0.5.116 contain an improper authorization vulnerability in NAS Server quotas configuration. A remote authenticated Unisphere Operator could potentially exploit this vulnerability to edit quota configuration of other users. Dell EMC Unity and UnityVSA contain an authorization vulnerability. Information may be tampered with. An attacker may leverage these issues to bypass certain security restrictions and obtain sensitive information; this may aid in launching further attacks. UnityVSA is a virtual Unity storage environment. This vulnerability stems from the lack of authentication measures or insufficient authentication strength in network systems or products.

Trust: 1.98

sources: NVD: CVE-2019-3734 // JVNDB: JVNDB-2019-006738 // BID: 109309 // VULHUB: VHN-155169

AFFECTED PRODUCTS

vendor: dell, model: emc unity operating environment, scope: lt, version: 5.0.0.0.5.116

Trust: 1.8

vendor: dell, model: emc unityvsa operating environment, scope: lt, version: 5.0.0.0.5.116

Trust: 1.8

vendor: dell, model: emc unityvsa operating environment, scope: eq, version: 0

Trust: 0.3

vendor: dell, model: emc unity operating environment, scope: eq, version: 0

Trust: 0.3

vendor: dell, model: emc unityvsa operating environment, scope: ne, version: 5.0.0.0.5.116

Trust: 0.3

vendor: dell, model: emc unity operating environment, scope: ne, version: 5.0.0.0.5.116

Trust: 0.3

sources: BID: 109309 // JVNDB: JVNDB-2019-006738 // NVD: CVE-2019-3734

CVSS

SEVERITY

nvd@nist.gov: CVE-2019-3734
value: MEDIUM

Trust: 1.0

security_alert@emc.com: CVE-2019-3734
value: MEDIUM

Trust: 1.0

NVD: CVE-2019-3734
value: MEDIUM

Trust: 0.8

CNNVD: CNNVD-201907-1078
value: MEDIUM

Trust: 0.6

VULHUB: VHN-155169
value: MEDIUM

Trust: 0.1

CVSSV2

nvd@nist.gov: CVE-2019-3734
severity: MEDIUM
baseScore: 4.0
vectorString: AV:N/AC:L/AU:S/C:N/I:P/A:N
accessVector: NETWORK
accessComplexity: LOW
authentication: SINGLE
confidentialityImpact: NONE
integrityImpact: PARTIAL
availabilityImpact: NONE
exploitabilityScore: 8.0
impactScore: 2.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 1.8

VULHUB: VHN-155169
severity: MEDIUM
baseScore: 4.0
vectorString: AV:N/AC:L/AU:S/C:N/I:P/A:N
accessVector: NETWORK
accessComplexity: LOW
authentication: SINGLE
confidentialityImpact: NONE
integrityImpact: PARTIAL
availabilityImpact: NONE
exploitabilityScore: 8.0
impactScore: 2.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.1

CVSSV3

nvd@nist.gov: CVE-2019-3734
baseSeverity: MEDIUM
baseScore: 4.3
vectorString: CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N
attackVector: NETWORK
attackComplexity: LOW
privilegesRequired: LOW
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: NONE
integrityImpact: LOW
availabilityImpact: NONE
exploitabilityScore: 2.8
impactScore: 1.4
version: 3.0

Trust: 1.8

security_alert@emc.com: CVE-2019-3734
baseSeverity: MEDIUM
baseScore: 5.4
vectorString: CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:L
attackVector: NETWORK
attackComplexity: LOW
privilegesRequired: LOW
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: NONE
integrityImpact: LOW
availabilityImpact: LOW
exploitabilityScore: 2.8
impactScore: 2.5
version: 3.0

Trust: 1.0

sources: VULHUB: VHN-155169 // JVNDB: JVNDB-2019-006738 // CNNVD: CNNVD-201907-1078 // NVD: CVE-2019-3734 // NVD: CVE-2019-3734

PROBLEMTYPE DATA

problemtype: NVD-CWE-noinfo

Trust: 1.0

problemtype: CWE-285

Trust: 0.9

sources: VULHUB: VHN-155169 // JVNDB: JVNDB-2019-006738 // NVD: CVE-2019-3734

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-201907-1078

TYPE

authorization issue

Trust: 0.6

sources: CNNVD: CNNVD-201907-1078

CONFIGURATIONS

sources: JVNDB: JVNDB-2019-006738

PATCH

title: An Introduction to Unity Software | Dell EMC US, url: https://www.dellemc.com/en-us/documentation/unity-family/unity-p-software-upgrades/01-unity-upg-br-introduction.htm

Trust: 0.8

title: Dell EMC UnityVSA, url: https://www.dellemc.com/en-us/products-solutions/trial-software-download/unity-vsa.htm

Trust: 0.8

title: Dell EMC Unity and UnityVSA Remediation measures for authorization problem vulnerabilities, url: http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=95093

Trust: 0.6

sources: JVNDB: JVNDB-2019-006738 // CNNVD: CNNVD-201907-1078

EXTERNAL IDS

db: NVD, id: CVE-2019-3734

Trust: 2.8

db: JVNDB, id: JVNDB-2019-006738

Trust: 0.8

db: CNNVD, id: CNNVD-201907-1078

Trust: 0.7

db: BID, id: 109309

Trust: 0.3

db: CNVD, id: CNVD-2020-15721

Trust: 0.1

db: VULHUB, id: VHN-155169

Trust: 0.1

sources: VULHUB: VHN-155169 // BID: 109309 // JVNDB: JVNDB-2019-006738 // CNNVD: CNNVD-201907-1078 // NVD: CVE-2019-3734

REFERENCES

url: https://productsecurity-ux.ausmp1z1.pcf.dell.com/support/security/us/en/04/details/535028/dsa-2019-086-dell-emc-unity-family-multiple-vulnerabilities

Trust: 1.7

url: https://nvd.nist.gov/vuln/detail/cve-2019-3734

Trust: 1.4

url: https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2019-3734

Trust: 0.8

url: http://dell.com

Trust: 0.3

url: https://www.dell.com/support/security/us/en/19/details/535028/dsa-2019-086-dell-emc-unity-family-multiple-vulnerabilities

Trust: 0.3

sources: VULHUB: VHN-155169 // BID: 109309 // JVNDB: JVNDB-2019-006738 // CNNVD: CNNVD-201907-1078 // NVD: CVE-2019-3734

CREDITS

The vendor reported these issues.

Trust: 0.3

sources: BID: 109309

SOURCES

db: VULHUB, id: VHN-155169
db: BID, id: 109309
db: JVNDB, id: JVNDB-2019-006738
db: CNNVD, id: CNNVD-201907-1078
db: NVD, id: CVE-2019-3734

LAST UPDATE DATE

2024-11-23T21:59:50.466000+00:00


SOURCES UPDATE DATE

db: VULHUB, id: VHN-155169, date: 2020-08-24T00:00:00
db: BID, id: 109309, date: 2019-06-27T00:00:00
db: JVNDB, id: JVNDB-2019-006738, date: 2019-07-26T00:00:00
db: CNNVD, id: CNNVD-201907-1078, date: 2020-08-25T00:00:00
db: NVD, id: CVE-2019-3734, date: 2024-11-21T04:42:25.807

SOURCES RELEASE DATE

db: VULHUB, id: VHN-155169, date: 2019-07-18T00:00:00
db: BID, id: 109309, date: 2019-06-27T00:00:00
db: JVNDB, id: JVNDB-2019-006738, date: 2019-07-26T00:00:00
db: CNNVD, id: CNNVD-201907-1078, date: 2019-07-18T00:00:00
db: NVD, id: CVE-2019-3734, date: 2019-07-18T16:15:12.390