Sign-up

ID

VAR-202003-1495


CVE

CVE-2020-5342


TITLE

Dell Digital Delivery Vulnerability regarding improper default permissions in

Trust: 0.8

sources: JVNDB: JVNDB-2020-002538

DESCRIPTION

Dell Digital Delivery versions prior to 3.5.2015 contain an incorrect default permissions vulnerability. A locally authenticated low-privileged malicious user could exploit this vulnerability to run an arbitrary executable with administrative privileges on the affected system. (DoS) It may be put into a state. Dell Digital Delivery is an application dedicated to Dell computer equipment and used to purchase computer pre-installed software online

Trust: 1.71

sources: NVD: CVE-2020-5342 // JVNDB: JVNDB-2020-002538 // VULHUB: VHN-183467

AFFECTED PRODUCTS

vendor:dellmodel:digital deliveryscope:ltversion:3.5.2015

Trust: 1.0

vendor:dellmodel:digital deliveryscope:eqversion:3.5.2015

Trust: 0.8

vendor:dellmodel:digital deliveryscope:eqversion:3.5.1

Trust: 0.6

vendor:dellmodel:digital deliveryscope:eqversion:3.5.2006

Trust: 0.6

vendor:dellmodel:digital deliveryscope:eqversion:3.5.2

Trust: 0.6

sources: JVNDB: JVNDB-2020-002538 // CNNVD: CNNVD-202003-381 // NVD: CVE-2020-5342

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov: CVE-2020-5342
value: HIGH

Trust: 1.0

security_alert@emc.com: CVE-2020-5342
value: HIGH

Trust: 1.0

NVD: JVNDB-2020-002538
value: HIGH

Trust: 0.8

CNNVD: CNNVD-202003-381
value: HIGH

Trust: 0.6

VULHUB: VHN-183467
value: HIGH

Trust: 0.1

nvd@nist.gov: CVE-2020-5342
severity: HIGH
baseScore: 7.2
vectorString: AV:L/AC:L/AU:N/C:C/I:C/A:C
accessVector: LOCAL
accessComplexity: LOW
authentication: NONE
confidentialityImpact: COMPLETE
integrityImpact: COMPLETE
availabilityImpact: COMPLETE
exploitabilityScore: 3.9
impactScore: 10.0
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 1.0

NVD: JVNDB-2020-002538
severity: HIGH
baseScore: 7.2
vectorString: AV:L/AC:L/AU:N/C:C/I:C/A:C
accessVector: LOCAL
accessComplexity: LOW
authentication: NONE
confidentialityImpact: COMPLETE
integrityImpact: COMPLETE
availabilityImpact: COMPLETE
exploitabilityScore: NONE
impactScore: NONE
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.8

VULHUB: VHN-183467
severity: HIGH
baseScore: 7.2
vectorString: AV:L/AC:L/AU:N/C:C/I:C/A:C
accessVector: LOCAL
accessComplexity: LOW
authentication: NONE
confidentialityImpact: COMPLETE
integrityImpact: COMPLETE
availabilityImpact: COMPLETE
exploitabilityScore: 3.9
impactScore: 10.0
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.1

nvd@nist.gov: CVE-2020-5342
baseSeverity: HIGH
baseScore: 7.8
vectorString: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
attackVector: LOCAL
attackComplexity: LOW
privilegesRequired: LOW
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: HIGH
integrityImpact: HIGH
availabilityImpact: HIGH
exploitabilityScore: 1.8
impactScore: 5.9
version: 3.1

Trust: 2.0

NVD: JVNDB-2020-002538
baseSeverity: HIGH
baseScore: 7.8
vectorString: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
attackVector: LOCAL
attackComplexity: LOW
privilegesRequired: LOW
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: HIGH
integrityImpact: HIGH
availabilityImpact: HIGH
exploitabilityScore: NONE
impactScore: NONE
version: 3.0

Trust: 0.8

sources: VULHUB: VHN-183467 // JVNDB: JVNDB-2020-002538 // CNNVD: CNNVD-202003-381 // NVD: CVE-2020-5342 // NVD: CVE-2020-5342

PROBLEMTYPE DATA

problemtype:CWE-276

Trust: 1.9

sources: VULHUB: VHN-183467 // JVNDB: JVNDB-2020-002538 // NVD: CVE-2020-5342

THREAT TYPE

local

Trust: 0.6

sources: CNNVD: CNNVD-202003-381

TYPE

other

Trust: 0.6

sources: CNNVD: CNNVD-202003-381

CONFIGURATIONS

sources:
            
            
            JVNDB: JVNDB-2020-002538

PATCH
title:DSA-2020-058:  誤ったデフォルト権限脆弱性に対するデジタル配信セキュリティ更新の Dell/Alienwareurl:https://www.dell.com/support/article/SLN320561
Trust: 0.8
sources:
            
            
            JVNDB: JVNDB-2020-002538

EXTERNAL IDS
db:NVDid:CVE-2020-5342
Trust: 2.5
db:JVNDBid:JVNDB-2020-002538
Trust: 0.8
db:CNNVDid:CNNVD-202003-381
Trust: 0.7
db:CNVDid:CNVD-2020-16630
Trust: 0.1
db:VULHUBid:VHN-183467
Trust: 0.1
sources:
            
            
            VULHUB: VHN-183467 // 
            
            
            
            JVNDB: JVNDB-2020-002538 // 
            
            
            
            CNNVD: CNNVD-202003-381 // 
            
            
            
            NVD: CVE-2020-5342

REFERENCES
url:https://www.dell.com/support/article/sln320561
Trust: 1.7
url:https://nvd.nist.gov/vuln/detail/cve-2020-5342
Trust: 1.4
url:https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2020-5342
Trust: 0.8
sources:
            
            
            VULHUB: VHN-183467 // 
            
            
            
            JVNDB: JVNDB-2020-002538 // 
            
            
            
            CNNVD: CNNVD-202003-381 // 
            
            
            
            NVD: CVE-2020-5342

SOURCES
db:VULHUBid:VHN-183467
db:JVNDBid:JVNDB-2020-002538
db:CNNVDid:CNNVD-202003-381
db:NVDid:CVE-2020-5342

LAST UPDATE DATE
2024-11-23T22:29:40.912000+00:00

SOURCES UPDATE DATE
db:VULHUBid:VHN-183467date:2020-03-10T00:00:00
db:JVNDBid:JVNDB-2020-002538date:2020-03-19T00:00:00
db:CNNVDid:CNNVD-202003-381date:2020-03-13T00:00:00
db:NVDid:CVE-2020-5342date:2024-11-21T05:33:56.863

SOURCES RELEASE DATE
db:VULHUBid:VHN-183467date:2020-03-09T00:00:00
db:JVNDBid:JVNDB-2020-002538date:2020-03-19T00:00:00
db:CNNVDid:CNNVD-202003-381date:2020-03-09T00:00:00
db:NVDid:CVE-2020-5342date:2020-03-09T20:15:11.073