ID

VAR-202006-1575


CVE

CVE-2020-5367


TITLE

Validation vulnerabilities in multiple Dell EMC products

Trust: 0.8

sources: JVNDB: JVNDB-2020-007304

DESCRIPTION

Dell EMC Unisphere for PowerMax versions prior to 9.1.0.17, Dell EMC Unisphere for PowerMax Virtual Appliance versions prior to 9.1.0.17, and PowerMax OS Release 5978 contain an improper certificate validation vulnerability. An unauthenticated remote attacker may potentially exploit this vulnerability to carry out a man-in-the-middle attack by supplying a crafted certificate and intercepting the victim's traffic to view or modify a victim's data in transit. The affected system may also be put into a denial-of-service (DoS) state. Dell EMC Unisphere for PowerMax is a set of graphical management tools for PowerMax storage arrays developed by Dell

Trust: 1.71

sources: NVD: CVE-2020-5367 // JVNDB: JVNDB-2020-007304 // VULHUB: VHN-183492

AFFECTED PRODUCTS

vendor: dell, model: emc unisphere for powermax, scope: lt, version: 9.1.0.17

Trust: 1.0

vendor: dell, model: powermax os, scope: eq, version: 5978

Trust: 1.0

vendor: dell, model: emc unisphere for powermax virtual appliance, scope: lt, version: 9.1.0.17

Trust: 1.0

vendor: dell, model: emc powermax, scope: eq, version: 9.1.0.17

Trust: 0.8

vendor: dell, model: emc powermax os, scope: eq, version: 5978

Trust: 0.8

vendor: dell, model: emc unisphere, scope: eq, version: for powermax virtual appliance 9.1.0.17

Trust: 0.8

sources: JVNDB: JVNDB-2020-007304 // NVD: CVE-2020-5367

CVSS

SEVERITY / CVSSV2 / CVSSV3

nvd@nist.gov: CVE-2020-5367
value: HIGH

Trust: 1.0

security_alert@emc.com: CVE-2020-5367
value: HIGH

Trust: 1.0

NVD: JVNDB-2020-007304
value: HIGH

Trust: 0.8

CNNVD: CNNVD-202006-1518
value: HIGH

Trust: 0.6

VULHUB: VHN-183492
value: MEDIUM

Trust: 0.1

nvd@nist.gov: CVE-2020-5367
severity: MEDIUM
baseScore: 6.8
vectorString: AV:N/AC:M/AU:N/C:P/I:P/A:P
accessVector: NETWORK
accessComplexity: MEDIUM
authentication: NONE
confidentialityImpact: PARTIAL
integrityImpact: PARTIAL
availabilityImpact: PARTIAL
exploitabilityScore: 8.6
impactScore: 6.4
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 1.0

NVD: JVNDB-2020-007304
severity: MEDIUM
baseScore: 6.8
vectorString: AV:N/AC:M/AU:N/C:P/I:P/A:P
accessVector: NETWORK
accessComplexity: MEDIUM
authentication: NONE
confidentialityImpact: PARTIAL
integrityImpact: PARTIAL
availabilityImpact: PARTIAL
exploitabilityScore: NONE
impactScore: NONE
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.8

VULHUB: VHN-183492
severity: MEDIUM
baseScore: 6.8
vectorString: AV:N/AC:M/AU:N/C:P/I:P/A:P
accessVector: NETWORK
accessComplexity: MEDIUM
authentication: NONE
confidentialityImpact: PARTIAL
integrityImpact: PARTIAL
availabilityImpact: PARTIAL
exploitabilityScore: 8.6
impactScore: 6.4
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.1

nvd@nist.gov: CVE-2020-5367
baseSeverity: HIGH
baseScore: 8.1
vectorString: CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H
attackVector: NETWORK
attackComplexity: HIGH
privilegesRequired: NONE
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: HIGH
integrityImpact: HIGH
availabilityImpact: HIGH
exploitabilityScore: 2.2
impactScore: 5.9
version: 3.1

Trust: 1.0

security_alert@emc.com: CVE-2020-5367
baseSeverity: HIGH
baseScore: 7.4
vectorString: CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H
attackVector: LOCAL
attackComplexity: HIGH
privilegesRequired: NONE
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: HIGH
integrityImpact: HIGH
availabilityImpact: HIGH
exploitabilityScore: 1.4
impactScore: 5.9
version: 3.1

Trust: 1.0

NVD: JVNDB-2020-007304
baseSeverity: HIGH
baseScore: 8.1
vectorString: CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H
attackVector: NETWORK
attackComplexity: HIGH
privilegesRequired: NONE
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: HIGH
integrityImpact: HIGH
availabilityImpact: HIGH
exploitabilityScore: NONE
impactScore: NONE
version: 3.0

Trust: 0.8

sources: VULHUB: VHN-183492 // JVNDB: JVNDB-2020-007304 // CNNVD: CNNVD-202006-1518 // NVD: CVE-2020-5367 // NVD: CVE-2020-5367

PROBLEMTYPE DATA

problemtype:CWE-295

Trust: 1.9

sources: VULHUB: VHN-183492 // JVNDB: JVNDB-2020-007304 // NVD: CVE-2020-5367

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-202006-1518

TYPE

trust management problem

Trust: 0.6

sources: CNNVD: CNNVD-202006-1518

CONFIGURATIONS

sources: JVNDB: JVNDB-2020-007304

PATCH

title: DSA-2020-065: Dell EMC Unisphere for PowerMax, Dell EMC Unisphere for PowerMax Virtual Appliance, and Dell EMC PowerMax Embedded Management Update for Multiple Vulnerabilities
url: https://www.dell.com/support/security/en-us/details/544585/DSA-2020-065-Dell-EMC-Unisphere-for-PowerMax-Dell-EMC-Unisphere-for-PowerMax-Virtual-Appliance

Trust: 0.8

title: Multiple Dell Repair measures for product trust management problem vulnerabilities
url: http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=122636

Trust: 0.6

sources: JVNDB: JVNDB-2020-007304 // CNNVD: CNNVD-202006-1518

EXTERNAL IDS

db: NVD, id: CVE-2020-5367

Trust: 2.5

db: JVNDB, id: JVNDB-2020-007304

Trust: 0.8

db: CNNVD, id: CNNVD-202006-1518

Trust: 0.7

db: VULHUB, id: VHN-183492

Trust: 0.1

sources: VULHUB: VHN-183492 // JVNDB: JVNDB-2020-007304 // CNNVD: CNNVD-202006-1518 // NVD: CVE-2020-5367

REFERENCES

url:https://nvd.nist.gov/vuln/detail/cve-2020-5367

Trust: 1.4

url:https://www.dell.com/support/kbdoc/en-uk/000153935/dsa-2020-065-dell-emc-unisphere-for-powermax-dell-emc-unisphere-for-powermax-virtual-appliance-and-dell-emc-powermax-embedded-management-update-for-multiple-vulnerabilities

Trust: 1.0

url:https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2020-5367

Trust: 0.8

url:https://www.dell.com/support/security/en-us/details/544585/dsa-2020-065-dell-emc-unisphere-for-powermax-dell-emc-unisphere-for-powermax-virtual-appliance

Trust: 0.7

url:https://vigilance.fr/vulnerability/dell-emc-unisphere-for-powermax-man-in-the-middle-32579

Trust: 0.6

sources: VULHUB: VHN-183492 // JVNDB: JVNDB-2020-007304 // CNNVD: CNNVD-202006-1518 // NVD: CVE-2020-5367

SOURCES

db: VULHUB, id: VHN-183492
db: JVNDB, id: JVNDB-2020-007304
db: CNNVD, id: CNNVD-202006-1518
db: NVD, id: CVE-2020-5367

LAST UPDATE DATE

2024-11-23T21:35:39.991000+00:00


SOURCES UPDATE DATE

db: VULHUB, id: VHN-183492, date: 2020-07-02T00:00:00
db: JVNDB, id: JVNDB-2020-007304, date: 2020-08-07T00:00:00
db: CNNVD, id: CNNVD-202006-1518, date: 2020-07-03T00:00:00
db: NVD, id: CVE-2020-5367, date: 2024-11-21T05:34:00.637

SOURCES RELEASE DATE

db: VULHUB, id: VHN-183492, date: 2020-06-23T00:00:00
db: JVNDB, id: JVNDB-2020-007304, date: 2020-08-07T00:00:00
db: CNNVD, id: CNNVD-202006-1518, date: 2020-06-19T00:00:00
db: NVD, id: CVE-2020-5367, date: 2020-06-23T20:15:13.363