Sign-up

ID

VAR-202004-1879


CVE

CVE-2020-5330


TITLE

plural Dell EMC Information leakage vulnerabilities in products

Trust: 0.8

sources: JVNDB: JVNDB-2020-003974

DESCRIPTION

Dell EMC Networking X-Series firmware versions 3.0.1.2 and older, Dell EMC Networking PC5500 firmware versions 4.1.0.22 and older and Dell EMC PowerEdge VRTX Switch Modules firmware versions 2.0.0.77 and older contain an information disclosure vulnerability. A remote unauthenticated attacker could exploit this vulnerability to retrieve sensitive data by sending a specially crafted request to the affected endpoints. Dell EMC Networking X-Series, etc. are products of the American Dell (Dell) company

Trust: 2.16

sources: NVD: CVE-2020-5330 // JVNDB: JVNDB-2020-003974 // CNVD: CNVD-2020-22965

IOT TAXONOMY

category:['Network device']sub_category: -

Trust: 0.6

sources: CNVD: CNVD-2020-22965

AFFECTED PRODUCTS

vendor:dellmodel:x1000scope:lteversion:2.0.0.77

Trust: 1.0

vendor:dellmodel:r1-2210scope:lteversion:3.0.1.2

Trust: 1.0

vendor:dellmodel:x4012scope:lteversion:2.0.0.77

Trust: 1.0

vendor:dellmodel:pc5500scope:lteversion:4.1.0.22

Trust: 1.0

vendor:dellmodel:r1-2401scope:lteversion:3.0.1.2

Trust: 1.0

vendor:dellmodel:pc5500scope:eqversion:4.1.0.22

Trust: 0.8

vendor:dellmodel:r1-2210scope:eqversion:2.0.0.77

Trust: 0.8

vendor:dellmodel:r1-2401scope:eqversion:2.0.0.77

Trust: 0.8

vendor:dellmodel:x1000scope:eqversion:3.0.1.2

Trust: 0.8

vendor:dellmodel:x4012scope:eqversion:3.0.1.2

Trust: 0.8

vendor:dellmodel:emc networking x-seriesscope:lteversion:<=3.0.1.2

Trust: 0.6

vendor:dellmodel:emc networking pc5500scope:lteversion:<=4.1.0.22

Trust: 0.6

vendor:dellmodel:emc poweredge vrtx switch modulesscope:lteversion:<=2.0.0.77

Trust: 0.6

sources: CNVD: CNVD-2020-22965 // JVNDB: JVNDB-2020-003974 // NVD: CVE-2020-5330

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov: CVE-2020-5330
value: HIGH

Trust: 1.0

security_alert@emc.com: CVE-2020-5330
value: HIGH

Trust: 1.0

NVD: JVNDB-2020-003974
value: HIGH

Trust: 0.8

CNVD: CNVD-2020-22965
value: HIGH

Trust: 0.6

CNNVD: CNNVD-202004-596
value: HIGH

Trust: 0.6

nvd@nist.gov: CVE-2020-5330
severity: MEDIUM
baseScore: 5.0
vectorString: AV:N/AC:L/AU:N/C:P/I:N/A:N
accessVector: NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: PARTIAL
integrityImpact: NONE
availabilityImpact: NONE
exploitabilityScore: 10.0
impactScore: 2.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 1.0

NVD: JVNDB-2020-003974
severity: MEDIUM
baseScore: 5.0
vectorString: AV:N/AC:L/AU:N/C:P/I:N/A:N
accessVector: NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: PARTIAL
integrityImpact: NONE
availabilityImpact: NONE
exploitabilityScore: NONE
impactScore: NONE
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.8

CNVD: CNVD-2020-22965
severity: HIGH
baseScore: 7.8
vectorString: AV:N/AC:L/AU:N/C:C/I:N/A:N
accessVector: NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: COMPLETE
integrityImpact: NONE
availabilityImpact: NONE
exploitabilityScore: 10.0
impactScore: 6.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.6

nvd@nist.gov: CVE-2020-5330
baseSeverity: HIGH
baseScore: 7.5
vectorString: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
attackVector: NETWORK
attackComplexity: LOW
privilegesRequired: NONE
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: HIGH
integrityImpact: NONE
availabilityImpact: NONE
exploitabilityScore: 3.9
impactScore: 3.6
version: 3.1

Trust: 1.0

security_alert@emc.com: CVE-2020-5330
baseSeverity: HIGH
baseScore: 8.1
vectorString: CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H
attackVector: NETWORK
attackComplexity: HIGH
privilegesRequired: NONE
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: HIGH
integrityImpact: HIGH
availabilityImpact: HIGH
exploitabilityScore: 2.2
impactScore: 5.9
version: 3.1

Trust: 1.0

NVD: JVNDB-2020-003974
baseSeverity: HIGH
baseScore: 7.5
vectorString: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
attackVector: NETWORK
attackComplexity: LOW
privilegesRequired: NONE
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: HIGH
integrityImpact: NONE
availabilityImpact: NONE
exploitabilityScore: NONE
impactScore: NONE
version: 3.0

Trust: 0.8

sources: CNVD: CNVD-2020-22965 // JVNDB: JVNDB-2020-003974 // CNNVD: CNNVD-202004-596 // NVD: CVE-2020-5330 // NVD: CVE-2020-5330

PROBLEMTYPE DATA

problemtype:CWE-200

Trust: 1.8

sources: JVNDB: JVNDB-2020-003974 // NVD: CVE-2020-5330

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-202004-596

TYPE

information disclosure

Trust: 0.6

sources: CNNVD: CNNVD-202004-596

CONFIGURATIONS

sources:
            
            
            JVNDB: JVNDB-2020-003974

PATCH
title:DSA-2020-042url:https://www.dell.com/support/article/ja-jp/sln320366/dsa-2020-042-dell-networking-security-update-for-an-information-disclosure-vulnerability?lang=en
Trust: 0.8
title:Patch for Dell EMC Networking X-Series, Dell EMC Networking PC5500, and Dell EMC PowerEdge VRTX Switch Modules information disclosure vulnerabilityurl:https://www.cnvd.org.cn/patchInfo/show/213917
Trust: 0.6
title:Dell EMC Networking X-Series , Dell EMC Networking PC5500  and Dell EMC PowerEdge VRTX Switch Modules Repair measures for information disclosure vulnerabilitiesurl:http://123.124.177.30/web/xxk/bdxqById.tag?id=115758
Trust: 0.6
sources:
            
            
            CNVD: CNVD-2020-22965 // 
            
            
            
            JVNDB: JVNDB-2020-003974 // 
            
            
            
            CNNVD: CNNVD-202004-596

EXTERNAL IDS
db:NVDid:CVE-2020-5330
Trust: 3.0
db:PACKETSTORMid:171723
Trust: 1.6
db:JVNDBid:JVNDB-2020-003974
Trust: 0.8
db:CNVDid:CNVD-2020-22965
Trust: 0.6
db:EXPLOIT-DBid:51248
Trust: 0.6
db:CNNVDid:CNNVD-202004-596
Trust: 0.6
sources:
            
            
            CNVD: CNVD-2020-22965 // 
            
            
            
            JVNDB: JVNDB-2020-003974 // 
            
            
            
            CNNVD: CNNVD-202004-596 // 
            
            
            
            NVD: CVE-2020-5330

REFERENCES
url:https://www.dell.com/support/article/en-us/sln320366/dsa-2020-042-dell-emc-networking-security-update-for-an-information-disclosure-vulnerability?lang=en
Trust: 1.6
url:http://packetstormsecurity.com/files/171723/cisco-dell-netgear-information-disclosure-hash-decrypter.html
Trust: 1.6
url:https://nvd.nist.gov/vuln/detail/cve-2020-5330
Trust: 1.4
url:https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2020-5330
Trust: 0.8
url:https://www.exploit-db.com/exploits/51248
Trust: 0.6
sources:
            
            
            JVNDB: JVNDB-2020-003974 // 
            
            
            
            CNNVD: CNNVD-202004-596 // 
            
            
            
            NVD: CVE-2020-5330

SOURCES
db:CNVDid:CNVD-2020-22965
db:JVNDBid:JVNDB-2020-003974
db:CNNVDid:CNNVD-202004-596
db:NVDid:CVE-2020-5330

LAST UPDATE DATE
2024-11-23T22:40:57.721000+00:00

SOURCES UPDATE DATE
db:CNVDid:CNVD-2020-22965date:2020-04-15T00:00:00
db:JVNDBid:JVNDB-2020-003974date:2020-04-30T00:00:00
db:CNNVDid:CNNVD-202004-596date:2023-04-07T00:00:00
db:NVDid:CVE-2020-5330date:2024-11-21T05:33:55.537

SOURCES RELEASE DATE
db:CNVDid:CNVD-2020-22965date:2020-04-15T00:00:00
db:JVNDBid:JVNDB-2020-003974date:2020-04-30T00:00:00
db:CNNVDid:CNNVD-202004-596date:2020-04-10T00:00:00
db:NVDid:CVE-2020-5330date:2020-04-10T19:15:13.413