ID

VAR-202003-0890


CVE

CVE-2019-18581


TITLE

Dell EMC Data Protection Advisor Vulnerability regarding lack of authentication in

Trust: 0.8

sources: JVNDB: JVNDB-2019-015124

DESCRIPTION

Dell EMC Data Protection Advisor versions 6.3, 6.4, 6.5, 18.2 versions prior to patch 83, and 19.1 versions prior to patch 71 contain a server missing authorization vulnerability in the REST API. A remote authenticated malicious user with administrative privileges may potentially exploit this vulnerability to alter the application’s allowable list of OS commands. This may lead to arbitrary OS command execution as the regular user that runs the DPA service on the affected system. The system may also be put into a denial-of-service (DoS) state. The product supports functions such as data backup, data recovery, and data replication management.

Trust: 1.71

sources: NVD: CVE-2019-18581 // JVNDB: JVNDB-2019-015124 // VULHUB: VHN-150942

AFFECTED PRODUCTS

vendor: dell, model: emc integrated data protection appliance, scope: eq, version: 2.2

Trust: 1.0

vendor: dell, model: emc integrated data protection appliance, scope: eq, version: 2.3

Trust: 1.0

vendor: dell, model: emc data protection advisor, scope: eq, version: 6.4

Trust: 1.0

vendor: dell, model: emc data protection advisor, scope: eq, version: 6.5

Trust: 1.0

vendor: dell, model: emc integrated data protection appliance, scope: eq, version: 2.4

Trust: 1.0

vendor: dell, model: emc integrated data protection appliance, scope: eq, version: 2.1

Trust: 1.0

vendor: dell, model: emc data protection advisor, scope: eq, version: 18.2

Trust: 1.0

vendor: dell, model: emc data protection advisor, scope: eq, version: 6.3

Trust: 1.0

vendor: dell, model: emc data protection advisor, scope: eq, version: 19.1

Trust: 1.0

vendor: dell, model: emc data protection advisor, scope: eq, version: 18.1

Trust: 1.0

vendor: dell, model: emc integrated data protection appliance, scope: eq, version: 2.0

Trust: 1.0

vendor: dell emc old emc, model: data protection advisor, scope: eq, version: 6.3

Trust: 0.8

vendor: dell emc old emc, model: data protection advisor, scope: eq, version: 6.4

Trust: 0.8

vendor: dell emc old emc, model: data protection advisor, scope: eq, version: 6.5

Trust: 0.8

vendor: dell emc old emc, model: data protection advisor, scope: eq, version: patch 71

Trust: 0.8

vendor: dell emc old emc, model: data protection advisor, scope: eq, version: patch 83

Trust: 0.8

vendor: dell emc old emc, model: integrated data protection appliance, scope: -, version: -

Trust: 0.8

sources: JVNDB: JVNDB-2019-015124 // NVD: CVE-2019-18581

CVSS

SEVERITY

nvd@nist.gov: CVE-2019-18581
value: HIGH

Trust: 1.0

security_alert@emc.com: CVE-2019-18581
value: CRITICAL

Trust: 1.0

NVD: JVNDB-2019-015124
value: HIGH

Trust: 0.8

CNNVD: CNNVD-202003-1128
value: HIGH

Trust: 0.6

VULHUB: VHN-150942
value: HIGH

Trust: 0.1

CVSSV2

nvd@nist.gov: CVE-2019-18581
severity: HIGH
baseScore: 9.0
vectorString: AV:N/AC:L/AU:S/C:C/I:C/A:C
accessVector: NETWORK
accessComplexity: LOW
authentication: SINGLE
confidentialityImpact: COMPLETE
integrityImpact: COMPLETE
availabilityImpact: COMPLETE
exploitabilityScore: 8.0
impactScore: 10.0
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 1.0

NVD: JVNDB-2019-015124
severity: HIGH
baseScore: 9.0
vectorString: AV:N/AC:L/AU:S/C:C/I:C/A:C
accessVector: NETWORK
accessComplexity: LOW
authentication: SINGLE
confidentialityImpact: COMPLETE
integrityImpact: COMPLETE
availabilityImpact: COMPLETE
exploitabilityScore: NONE
impactScore: NONE
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.8

VULHUB: VHN-150942
severity: HIGH
baseScore: 9.0
vectorString: AV:N/AC:L/AU:S/C:C/I:C/A:C
accessVector: NETWORK
accessComplexity: LOW
authentication: SINGLE
confidentialityImpact: COMPLETE
integrityImpact: COMPLETE
availabilityImpact: COMPLETE
exploitabilityScore: 8.0
impactScore: 10.0
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.1

CVSSV3

nvd@nist.gov: CVE-2019-18581
baseSeverity: HIGH
baseScore: 7.2
vectorString: CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H
attackVector: NETWORK
attackComplexity: LOW
privilegesRequired: HIGH
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: HIGH
integrityImpact: HIGH
availabilityImpact: HIGH
exploitabilityScore: 1.2
impactScore: 5.9
version: 3.1

Trust: 1.0

security_alert@emc.com: CVE-2019-18581
baseSeverity: CRITICAL
baseScore: 9.1
vectorString: CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:H
attackVector: NETWORK
attackComplexity: LOW
privilegesRequired: HIGH
userInteraction: NONE
scope: CHANGED
confidentialityImpact: HIGH
integrityImpact: HIGH
availabilityImpact: HIGH
exploitabilityScore: 2.3
impactScore: 6.0
version: 3.0

Trust: 1.0

NVD: JVNDB-2019-015124
baseSeverity: HIGH
baseScore: 7.2
vectorString: CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H
attackVector: NETWORK
attackComplexity: LOW
privilegesRequired: HIGH
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: HIGH
integrityImpact: HIGH
availabilityImpact: HIGH
exploitabilityScore: NONE
impactScore: NONE
version: 3.0

Trust: 0.8

sources: VULHUB: VHN-150942 // JVNDB: JVNDB-2019-015124 // CNNVD: CNNVD-202003-1128 // NVD: CVE-2019-18581 // NVD: CVE-2019-18581

PROBLEMTYPE DATA

problemtype: CWE-862

Trust: 1.9

sources: VULHUB: VHN-150942 // JVNDB: JVNDB-2019-015124 // NVD: CVE-2019-18581

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-202003-1128

TYPE

other

Trust: 0.6

sources: CNNVD: CNNVD-202003-1128

CONFIGURATIONS

sources: JVNDB: JVNDB-2019-015124

PATCH

title: DSA-2019-155: Dell EMC Data Protection Advisor Security Update for Multiple Vulnerabilities
url: https://www.dell.com/support/security/ja-jp/details/539430/DSA-2019-155-Dell-EMC-Data-Protection-Advisor-Security-Update-for-Multiple-Vulnerabilities

Trust: 0.8

title: Dell EMC Data Protection Advisor Security vulnerabilities
url: http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=112608

Trust: 0.6

sources: JVNDB: JVNDB-2019-015124 // CNNVD: CNNVD-202003-1128

EXTERNAL IDS

db: NVD, id: CVE-2019-18581

Trust: 2.5

db: JVNDB, id: JVNDB-2019-015124

Trust: 0.8

db: CNNVD, id: CNNVD-202003-1128

Trust: 0.7

db: CNVD, id: CNVD-2020-29585

Trust: 0.1

db: VULHUB, id: VHN-150942

Trust: 0.1

sources: VULHUB: VHN-150942 // JVNDB: JVNDB-2019-015124 // CNNVD: CNNVD-202003-1128 // NVD: CVE-2019-18581

REFERENCES

url:https://www.dell.com/support/security/en-us/details/539430/dsa-2019-155-dell-emc-data-protection-advisor-security-update-for-multiple-vulnerabilities

Trust: 1.7

url:https://nvd.nist.gov/vuln/detail/cve-2019-18581

Trust: 1.4

url:https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2019-18581

Trust: 0.8

sources: VULHUB: VHN-150942 // JVNDB: JVNDB-2019-015124 // CNNVD: CNNVD-202003-1128 // NVD: CVE-2019-18581

SOURCES

db: VULHUB, id: VHN-150942
db: JVNDB, id: JVNDB-2019-015124
db: CNNVD, id: CNNVD-202003-1128
db: NVD, id: CVE-2019-18581

LAST UPDATE DATE

2024-11-23T23:01:30.458000+00:00


SOURCES UPDATE DATE

db: VULHUB, id: VHN-150942, date: 2020-03-24T00:00:00
db: JVNDB, id: JVNDB-2019-015124, date: 2020-04-06T00:00:00
db: CNNVD, id: CNNVD-202003-1128, date: 2020-05-12T00:00:00
db: NVD, id: CVE-2019-18581, date: 2024-11-21T04:33:20.340

SOURCES RELEASE DATE

db: VULHUB, id: VHN-150942, date: 2020-03-18T00:00:00
db: JVNDB, id: JVNDB-2019-015124, date: 2020-04-06T00:00:00
db: CNNVD, id: CNNVD-202003-1128, date: 2020-03-18T00:00:00
db: NVD, id: CVE-2019-18581, date: 2020-03-18T19:15:16.497