ID

VAR-202003-0887


CVE

CVE-2019-18576


TITLE

Vulnerability regarding information leakage from log files in Dell EMC XtremIO XMS

Trust: 0.8

sources: JVNDB: JVNDB-2019-014961

DESCRIPTION

Dell EMC XtremIO XMS versions prior to 6.3.0 contain an information disclosure vulnerability where OS users’ passwords are logged in local files. Malicious local users with access to the log files may use the exposed passwords to gain access to XtremIO with the privileges of the compromised user. Dell EMC XtremIO XMS contains a vulnerability related to information leakage from log files. Information may be obtained or tampered with, and service operation may be interrupted (DoS). Dell EMC XtremIO XMS is the management software for XtremIO, an enterprise storage platform from the US company Dell. This vulnerability stems from configuration errors in network systems or products during operation. An unauthorized attacker could exploit the vulnerability to obtain sensitive information of the affected components.

Trust: 1.71

sources: NVD: CVE-2019-18576 // JVNDB: JVNDB-2019-014961 // VULHUB: VHN-150936

AFFECTED PRODUCTS

vendor: dell, model: xtremio management server, scope: lt, version: 6.3.0

Trust: 1.0

vendor: dell, model: emc xtremio, scope: eq, version: 6.3.0

Trust: 0.8

sources: JVNDB: JVNDB-2019-014961 // NVD: CVE-2019-18576

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov: CVE-2019-18576
value: MEDIUM

Trust: 1.0

security_alert@emc.com: CVE-2019-18576
value: MEDIUM

Trust: 1.0

NVD: JVNDB-2019-014961
value: MEDIUM

Trust: 0.8

CNNVD: CNNVD-202003-870
value: MEDIUM

Trust: 0.6

VULHUB: VHN-150936
value: LOW

Trust: 0.1

nvd@nist.gov: CVE-2019-18576
severity: LOW
baseScore: 2.1
vectorString: AV:L/AC:L/AU:N/C:P/I:N/A:N
accessVector: LOCAL
accessComplexity: LOW
authentication: NONE
confidentialityImpact: PARTIAL
integrityImpact: NONE
availabilityImpact: NONE
exploitabilityScore: 3.9
impactScore: 2.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 1.0

NVD: JVNDB-2019-014961
severity: LOW
baseScore: 2.1
vectorString: AV:L/AC:L/AU:N/C:P/I:N/A:N
accessVector: LOCAL
accessComplexity: LOW
authentication: NONE
confidentialityImpact: PARTIAL
integrityImpact: NONE
availabilityImpact: NONE
exploitabilityScore: NONE
impactScore: NONE
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.8

VULHUB: VHN-150936
severity: LOW
baseScore: 2.1
vectorString: AV:L/AC:L/AU:N/C:P/I:N/A:N
accessVector: LOCAL
accessComplexity: LOW
authentication: NONE
confidentialityImpact: PARTIAL
integrityImpact: NONE
availabilityImpact: NONE
exploitabilityScore: 3.9
impactScore: 2.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.1

nvd@nist.gov: CVE-2019-18576
baseSeverity: MEDIUM
baseScore: 6.7
vectorString: CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H
attackVector: LOCAL
attackComplexity: LOW
privilegesRequired: HIGH
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: HIGH
integrityImpact: HIGH
availabilityImpact: HIGH
exploitabilityScore: 0.8
impactScore: 5.9
version: 3.1

Trust: 1.0

security_alert@emc.com: CVE-2019-18576
baseSeverity: MEDIUM
baseScore: 6.7
vectorString: CVSS:3.0/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H
attackVector: LOCAL
attackComplexity: LOW
privilegesRequired: HIGH
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: HIGH
integrityImpact: HIGH
availabilityImpact: HIGH
exploitabilityScore: 0.8
impactScore: 5.9
version: 3.0

Trust: 1.0

NVD: JVNDB-2019-014961
baseSeverity: MEDIUM
baseScore: 6.7
vectorString: CVSS:3.0/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H
attackVector: LOCAL
attackComplexity: LOW
privilegesRequired: HIGH
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: HIGH
integrityImpact: HIGH
availabilityImpact: HIGH
exploitabilityScore: NONE
impactScore: NONE
version: 3.0

Trust: 0.8

sources: VULHUB: VHN-150936 // JVNDB: JVNDB-2019-014961 // CNNVD: CNNVD-202003-870 // NVD: CVE-2019-18576 // NVD: CVE-2019-18576

PROBLEMTYPE DATA

problemtype: CWE-532

Trust: 1.9

sources: VULHUB: VHN-150936 // JVNDB: JVNDB-2019-014961 // NVD: CVE-2019-18576

THREAT TYPE

local

Trust: 0.6

sources: CNNVD: CNNVD-202003-870

TYPE

log information leak

Trust: 0.6

sources: CNNVD: CNNVD-202003-870

CONFIGURATIONS

sources: JVNDB: JVNDB-2019-014961

PATCH

title: DSA-2019-172
url: https://www.dell.com/support/security/en-us/details/539703/DSA-2019-172-Dell-EMC-XtremIO-Security-Update-for-Multiple-Vulnerabilities

Trust: 0.8

title: Dell EMC XtremIO XMS Repair measures for information disclosure vulnerabilities
url: http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=112344

Trust: 0.6

sources: JVNDB: JVNDB-2019-014961 // CNNVD: CNNVD-202003-870

EXTERNAL IDS

db: NVD, id: CVE-2019-18576

Trust: 2.5

db: JVNDB, id: JVNDB-2019-014961

Trust: 0.8

db: CNNVD, id: CNNVD-202003-870

Trust: 0.7

db: CNVD, id: CNVD-2020-19572

Trust: 0.1

db: VULHUB, id: VHN-150936

Trust: 0.1

sources: VULHUB: VHN-150936 // JVNDB: JVNDB-2019-014961 // CNNVD: CNNVD-202003-870 // NVD: CVE-2019-18576

REFERENCES

url: https://www.dell.com/support/security/en-us/details/539703/dsa-2019-172-dell-emc-xtremio-security-update-for-multiple-vulnerabilities

Trust: 1.7

url: https://nvd.nist.gov/vuln/detail/cve-2019-18576

Trust: 1.4

url: https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2019-18576

Trust: 0.8

sources: VULHUB: VHN-150936 // JVNDB: JVNDB-2019-014961 // CNNVD: CNNVD-202003-870 // NVD: CVE-2019-18576

SOURCES

db: VULHUB, id: VHN-150936
db: JVNDB, id: JVNDB-2019-014961
db: CNNVD, id: CNNVD-202003-870
db: NVD, id: CVE-2019-18576

LAST UPDATE DATE

2024-11-23T21:36:02.799000+00:00


SOURCES UPDATE DATE

db: VULHUB, id: VHN-150936, date: 2020-03-18T00:00:00
db: JVNDB, id: JVNDB-2019-014961, date: 2020-03-31T00:00:00
db: CNNVD, id: CNNVD-202003-870, date: 2022-03-18T00:00:00
db: NVD, id: CVE-2019-18576, date: 2024-11-21T04:33:19.773

SOURCES RELEASE DATE

db: VULHUB, id: VHN-150936, date: 2020-03-13T00:00:00
db: JVNDB, id: JVNDB-2019-014961, date: 2020-03-31T00:00:00
db: CNNVD, id: CNNVD-202003-870, date: 2020-03-13T00:00:00
db: NVD, id: CVE-2019-18576, date: 2020-03-13T21:15:11.533