Sign-up

ID

VAR-202006-1576


CVE

CVE-2020-5345


TITLE

plural Dell EMC Vulnerability regarding lack of certification in products

Trust: 0.8

sources: JVNDB: JVNDB-2020-007303

DESCRIPTION

Dell EMC Unisphere for PowerMax versions prior to 9.1.0.17, Dell EMC Unisphere for PowerMax Virtual Appliance versions prior to 9.1.0.17, and PowerMax OS Release 5978 contain an authorization bypass vulnerability. An authenticated malicious user may potentially execute commands to alter or stop database statistics. Dell EMC Unisphere for PowerMax is a set of graphical management tools for PowerMax storage arrays developed by Dell

Trust: 1.71

sources: NVD: CVE-2020-5345 // JVNDB: JVNDB-2020-007303 // VULHUB: VHN-183470

AFFECTED PRODUCTS

vendor:dellmodel:emc unisphere for powermaxscope:ltversion:9.1.0.17

Trust: 1.0

vendor:dellmodel:powermax osscope:eqversion:5978

Trust: 1.0

vendor:dellmodel:emc unisphere for powermax virtual appliancescope:ltversion:9.1.0.17

Trust: 1.0

vendor:dellmodel:emc powermaxscope:eqversion:9.1.0.17

Trust: 0.8

vendor:dellmodel:emc powermax osscope:eqversion:5978

Trust: 0.8

vendor:dellmodel:emc unispherescope:eqversion:for powermax virtual appliance 9.1.0.17

Trust: 0.8

sources: JVNDB: JVNDB-2020-007303 // NVD: CVE-2020-5345

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov: CVE-2020-5345
value: MEDIUM

Trust: 1.0

security_alert@emc.com: CVE-2020-5345
value: MEDIUM

Trust: 1.0

NVD: JVNDB-2020-007303
value: MEDIUM

Trust: 0.8

CNNVD: CNNVD-202006-1519
value: MEDIUM

Trust: 0.6

VULHUB: VHN-183470
value: MEDIUM

Trust: 0.1

nvd@nist.gov: CVE-2020-5345
severity: MEDIUM
baseScore: 5.5
vectorString: AV:N/AC:L/AU:S/C:N/I:P/A:P
accessVector: NETWORK
accessComplexity: LOW
authentication: SINGLE
confidentialityImpact: NONE
integrityImpact: PARTIAL
availabilityImpact: PARTIAL
exploitabilityScore: 8.0
impactScore: 4.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 1.0

NVD: JVNDB-2020-007303
severity: MEDIUM
baseScore: 5.5
vectorString: AV:N/AC:L/AU:S/C:N/I:P/A:P
accessVector: NETWORK
accessComplexity: LOW
authentication: SINGLE
confidentialityImpact: NONE
integrityImpact: PARTIAL
availabilityImpact: PARTIAL
exploitabilityScore: NONE
impactScore: NONE
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.8

VULHUB: VHN-183470
severity: MEDIUM
baseScore: 5.5
vectorString: AV:N/AC:L/AU:S/C:N/I:P/A:P
accessVector: NETWORK
accessComplexity: LOW
authentication: SINGLE
confidentialityImpact: NONE
integrityImpact: PARTIAL
availabilityImpact: PARTIAL
exploitabilityScore: 8.0
impactScore: 4.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.1

nvd@nist.gov: CVE-2020-5345
baseSeverity: MEDIUM
baseScore: 5.4
vectorString: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:L
attackVector: NETWORK
attackComplexity: LOW
privilegesRequired: LOW
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: NONE
integrityImpact: LOW
availabilityImpact: LOW
exploitabilityScore: 2.8
impactScore: 2.5
version: 3.1

Trust: 1.0

security_alert@emc.com: CVE-2020-5345
baseSeverity: MEDIUM
baseScore: 6.4
vectorString: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:N/I:L/A:L
attackVector: NETWORK
attackComplexity: LOW
privilegesRequired: LOW
userInteraction: NONE
scope: CHANGED
confidentialityImpact: NONE
integrityImpact: LOW
availabilityImpact: LOW
exploitabilityScore: 3.1
impactScore: 2.7
version: 3.1

Trust: 1.0

NVD: JVNDB-2020-007303
baseSeverity: MEDIUM
baseScore: 5.4
vectorString: CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:L
attackVector: NETWORK
attackComplexity: LOW
privilegesRequired: LOW
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: NONE
integrityImpact: LOW
availabilityImpact: LOW
exploitabilityScore: NONE
impactScore: NONE
version: 3.0

Trust: 0.8

sources: VULHUB: VHN-183470 // JVNDB: JVNDB-2020-007303 // CNNVD: CNNVD-202006-1519 // NVD: CVE-2020-5345 // NVD: CVE-2020-5345

PROBLEMTYPE DATA

problemtype:CWE-862

Trust: 1.9

problemtype:CWE-602

Trust: 1.0

sources: VULHUB: VHN-183470 // JVNDB: JVNDB-2020-007303 // NVD: CVE-2020-5345

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-202006-1519

TYPE

other

Trust: 0.6

sources: CNNVD: CNNVD-202006-1519

CONFIGURATIONS

sources:
            
            
            JVNDB: JVNDB-2020-007303

PATCH
title:DSA-2020-065: Dell EMC Unisphere for PowerMax, Dell EMC Unisphere for PowerMax Virtual Appliance, and Dell EMC PowerMax Embedded Management Update for Multiple Vulnerabilitiesurl:https://www.dell.com/support/security/en-us/details/544585/DSA-2020-065-Dell-EMC-Unisphere-for-PowerMax-Dell-EMC-Unisphere-for-PowerMax-Virtual-Appliance
Trust: 0.8
title:Multiple Dell Product security vulnerabilitiesurl:http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=122252
Trust: 0.6
sources:
            
            
            JVNDB: JVNDB-2020-007303 // 
            
            
            
            CNNVD: CNNVD-202006-1519

EXTERNAL IDS
db:NVDid:CVE-2020-5345
Trust: 2.5
db:JVNDBid:JVNDB-2020-007303
Trust: 0.8
db:CNNVDid:CNNVD-202006-1519
Trust: 0.7
db:VULHUBid:VHN-183470
Trust: 0.1
sources:
            
            
            VULHUB: VHN-183470 // 
            
            
            
            JVNDB: JVNDB-2020-007303 // 
            
            
            
            CNNVD: CNNVD-202006-1519 // 
            
            
            
            NVD: CVE-2020-5345

REFERENCES
url:https://www.dell.com/support/security/en-us/details/544585/dsa-2020-065-dell-emc-unisphere-for-powermax-dell-emc-unisphere-for-powermax-virtual-appliance
Trust: 1.7
url:https://nvd.nist.gov/vuln/detail/cve-2020-5345
Trust: 1.4
url:https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2020-5345
Trust: 0.8
url:https://vigilance.fr/vulnerability/dell-emc-unisphere-for-powermax-privilege-escalation-via-database-statistics-32580
Trust: 0.6
sources:
            
            
            VULHUB: VHN-183470 // 
            
            
            
            JVNDB: JVNDB-2020-007303 // 
            
            
            
            CNNVD: CNNVD-202006-1519 // 
            
            
            
            NVD: CVE-2020-5345

SOURCES
db:VULHUBid:VHN-183470
db:JVNDBid:JVNDB-2020-007303
db:CNNVDid:CNNVD-202006-1519
db:NVDid:CVE-2020-5345

LAST UPDATE DATE
2024-11-23T22:37:21.911000+00:00

SOURCES UPDATE DATE
db:VULHUBid:VHN-183470date:2020-07-02T00:00:00
db:JVNDBid:JVNDB-2020-007303date:2020-08-07T00:00:00
db:CNNVDid:CNNVD-202006-1519date:2020-07-03T00:00:00
db:NVDid:CVE-2020-5345date:2024-11-21T05:33:57.200

SOURCES RELEASE DATE
db:VULHUBid:VHN-183470date:2020-06-23T00:00:00
db:JVNDBid:JVNDB-2020-007303date:2020-08-07T00:00:00
db:CNNVDid:CNNVD-202006-1519date:2020-06-19T00:00:00
db:NVDid:CVE-2020-5345date:2020-06-23T20:15:13.283