ID

VAR-202003-0892


CVE

CVE-2019-18582


TITLE

Dell EMC Data Protection Advisor Code injection vulnerability in

Trust: 0.8

sources: JVNDB: JVNDB-2019-015125

DESCRIPTION

Dell EMC Data Protection Advisor versions 6.3, 6.4, 6.5, 18.2 versions prior to patch 83, and 19.1 versions prior to patch 71 contain a server-side template injection vulnerability in the REST API. A remote authenticated malicious user with administrative privileges may potentially exploit this vulnerability to inject malicious report generation scripts in the server. This may lead to OS command execution as the regular user that runs the DPA service on the affected system. The system may also be put into a denial-of-service (DoS) state. The product supports functions such as data backup, data recovery, and data replication management. A remote attacker could use a specially crafted script to exploit this vulnerability to execute arbitrary commands on the system.

Trust: 1.71

sources: NVD: CVE-2019-18582 // JVNDB: JVNDB-2019-015125 // VULHUB: VHN-150943

AFFECTED PRODUCTS

vendor: dell, model: emc integrated data protection appliance, scope: eq, version: 2.2

Trust: 1.0

vendor: dell, model: emc integrated data protection appliance, scope: eq, version: 2.3

Trust: 1.0

vendor: dell, model: emc data protection advisor, scope: eq, version: 6.4

Trust: 1.0

vendor: dell, model: emc data protection advisor, scope: eq, version: 6.5

Trust: 1.0

vendor: dell, model: emc integrated data protection appliance, scope: eq, version: 2.4

Trust: 1.0

vendor: dell, model: emc integrated data protection appliance, scope: eq, version: 2.1

Trust: 1.0

vendor: dell, model: emc data protection advisor, scope: eq, version: 18.2

Trust: 1.0

vendor: dell, model: emc data protection advisor, scope: eq, version: 6.3

Trust: 1.0

vendor: dell, model: emc data protection advisor, scope: eq, version: 19.1

Trust: 1.0

vendor: dell, model: emc data protection advisor, scope: eq, version: 18.1

Trust: 1.0

vendor: dell, model: emc integrated data protection appliance, scope: eq, version: 2.0

Trust: 1.0

vendor: dell emc old emc, model: data protection advisor, scope: eq, version: 6.3

Trust: 0.8

vendor: dell emc old emc, model: data protection advisor, scope: eq, version: 6.4

Trust: 0.8

vendor: dell emc old emc, model: data protection advisor, scope: eq, version: 6.5

Trust: 0.8

vendor: dell emc old emc, model: data protection advisor, scope: eq, version: patch 71

Trust: 0.8

vendor: dell emc old emc, model: data protection advisor, scope: eq, version: patch 83

Trust: 0.8

vendor: dell emc old emc, model: integrated data protection appliance, scope: -, version: -

Trust: 0.8

sources: JVNDB: JVNDB-2019-015125 // NVD: CVE-2019-18582

CVSS

SEVERITY

nvd@nist.gov: CVE-2019-18582
value: HIGH

Trust: 1.0

security_alert@emc.com: CVE-2019-18582
value: CRITICAL

Trust: 1.0

NVD: JVNDB-2019-015125
value: HIGH

Trust: 0.8

CNNVD: CNNVD-202003-1130
value: HIGH

Trust: 0.6

VULHUB: VHN-150943
value: HIGH

Trust: 0.1

CVSSV2

nvd@nist.gov: CVE-2019-18582
severity: HIGH
baseScore: 9.0
vectorString: AV:N/AC:L/AU:S/C:C/I:C/A:C
accessVector: NETWORK
accessComplexity: LOW
authentication: SINGLE
confidentialityImpact: COMPLETE
integrityImpact: COMPLETE
availabilityImpact: COMPLETE
exploitabilityScore: 8.0
impactScore: 10.0
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 1.0

NVD: JVNDB-2019-015125
severity: HIGH
baseScore: 9.0
vectorString: AV:N/AC:L/AU:S/C:C/I:C/A:C
accessVector: NETWORK
accessComplexity: LOW
authentication: SINGLE
confidentialityImpact: COMPLETE
integrityImpact: COMPLETE
availabilityImpact: COMPLETE
exploitabilityScore: NONE
impactScore: NONE
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.8

VULHUB: VHN-150943
severity: HIGH
baseScore: 9.0
vectorString: AV:N/AC:L/AU:S/C:C/I:C/A:C
accessVector: NETWORK
accessComplexity: LOW
authentication: SINGLE
confidentialityImpact: COMPLETE
integrityImpact: COMPLETE
availabilityImpact: COMPLETE
exploitabilityScore: 8.0
impactScore: 10.0
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.1

CVSSV3

nvd@nist.gov: CVE-2019-18582
baseSeverity: HIGH
baseScore: 7.2
vectorString: CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H
attackVector: NETWORK
attackComplexity: LOW
privilegesRequired: HIGH
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: HIGH
integrityImpact: HIGH
availabilityImpact: HIGH
exploitabilityScore: 1.2
impactScore: 5.9
version: 3.1

Trust: 1.0

security_alert@emc.com: CVE-2019-18582
baseSeverity: CRITICAL
baseScore: 9.1
vectorString: CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:H
attackVector: NETWORK
attackComplexity: LOW
privilegesRequired: HIGH
userInteraction: NONE
scope: CHANGED
confidentialityImpact: HIGH
integrityImpact: HIGH
availabilityImpact: HIGH
exploitabilityScore: 2.3
impactScore: 6.0
version: 3.0

Trust: 1.0

NVD: JVNDB-2019-015125
baseSeverity: HIGH
baseScore: 7.2
vectorString: CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H
attackVector: NETWORK
attackComplexity: LOW
privilegesRequired: HIGH
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: HIGH
integrityImpact: HIGH
availabilityImpact: HIGH
exploitabilityScore: NONE
impactScore: NONE
version: 3.0

Trust: 0.8

sources: VULHUB: VHN-150943 // JVNDB: JVNDB-2019-015125 // CNNVD: CNNVD-202003-1130 // NVD: CVE-2019-18582 // NVD: CVE-2019-18582

PROBLEMTYPE DATA

problemtype: CWE-94

Trust: 1.9

sources: VULHUB: VHN-150943 // JVNDB: JVNDB-2019-015125 // NVD: CVE-2019-18582

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-202003-1130

TYPE

code injection

Trust: 0.6

sources: CNNVD: CNNVD-202003-1130

CONFIGURATIONS

sources: JVNDB: JVNDB-2019-015125

PATCH

title: DSA-2019-155: Dell EMC Data Protection Advisor Security Update for Multiple Vulnerabilities
url: https://www.dell.com/support/security/ja-jp/details/539430/DSA-2019-155-Dell-EMC-Data-Protection-Advisor-Security-Update-for-Multiple-Vulnerabilities

Trust: 0.8

title: Dell EMC Data Protection Advisor Fixes for code issue vulnerabilities
url: http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=112610

Trust: 0.6

sources: JVNDB: JVNDB-2019-015125 // CNNVD: CNNVD-202003-1130

EXTERNAL IDS

db: NVD, id: CVE-2019-18582

Trust: 2.5

db: JVNDB, id: JVNDB-2019-015125

Trust: 0.8

db: CNNVD, id: CNNVD-202003-1130

Trust: 0.7

db: CNVD, id: CNVD-2020-29586

Trust: 0.1

db: VULHUB, id: VHN-150943

Trust: 0.1

sources: VULHUB: VHN-150943 // JVNDB: JVNDB-2019-015125 // CNNVD: CNNVD-202003-1130 // NVD: CVE-2019-18582

REFERENCES

url: https://www.dell.com/support/security/en-us/details/539430/dsa-2019-155-dell-emc-data-protection-advisor-security-update-for-multiple-vulnerabilities

Trust: 1.7

url: https://nvd.nist.gov/vuln/detail/cve-2019-18582

Trust: 1.4

url: https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2019-18582

Trust: 0.8

sources: VULHUB: VHN-150943 // JVNDB: JVNDB-2019-015125 // CNNVD: CNNVD-202003-1130 // NVD: CVE-2019-18582

SOURCES

db: VULHUB, id: VHN-150943
db: JVNDB, id: JVNDB-2019-015125
db: CNNVD, id: CNNVD-202003-1130
db: NVD, id: CVE-2019-18582

LAST UPDATE DATE

2024-11-23T22:37:27.446000+00:00


SOURCES UPDATE DATE

db: VULHUB, id: VHN-150943, date: 2020-03-24T00:00:00
db: JVNDB, id: JVNDB-2019-015125, date: 2020-04-06T00:00:00
db: CNNVD, id: CNNVD-202003-1130, date: 2020-05-12T00:00:00
db: NVD, id: CVE-2019-18582, date: 2024-11-21T04:33:20.460

SOURCES RELEASE DATE

db: VULHUB, id: VHN-150943, date: 2020-03-18T00:00:00
db: JVNDB, id: JVNDB-2019-015125, date: 2020-04-06T00:00:00
db: CNNVD, id: CNNVD-202003-1130, date: 2020-03-18T00:00:00
db: NVD, id: CVE-2019-18582, date: 2020-03-18T19:15:16.623