Sign-up

ID

VAR-202006-1583


CVE

CVE-2020-5358


TITLE

Dell Encryption and Dell Endpoint Security Suite Vulnerability in improper permission assignment for critical resources in

Trust: 0.8

sources: JVNDB: JVNDB-2020-006806

DESCRIPTION

Dell Encryption versions prior to 10.7 and Dell Endpoint Security Suite versions prior to 2.7 contain a privilege escalation vulnerability due to incorrect permissions. A local malicious user with low privileges could potentially exploit this vulnerability to gain elevated privilege on the affected system with the help of a symbolic link. (DoS) It may be put into a state. Dell Encryption is a suite of data protection solutions. The product includes features such as compliance management, authentication, disk data encryption, and port encryption. The product supports features such as automated threat prevention, detection, and response

Trust: 1.8

sources: NVD: CVE-2020-5358 // JVNDB: JVNDB-2020-006806 // VULHUB: VHN-183483 // VULMON: CVE-2020-5358

AFFECTED PRODUCTS

vendor:dellmodel:encryptionscope:lteversion:10.7.0

Trust: 1.0

vendor:dellmodel:endpoint security suite enterprisescope:ltversion:2.7

Trust: 1.0

vendor:dellmodel:encryption enterprisescope:eqversion:10.7

Trust: 0.8

vendor:dellmodel:endpoint security suite enterprisescope:eqversion:2.7

Trust: 0.8

sources: JVNDB: JVNDB-2020-006806 // NVD: CVE-2020-5358

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov: CVE-2020-5358
value: HIGH

Trust: 1.0

security_alert@emc.com: CVE-2020-5358
value: MEDIUM

Trust: 1.0

NVD: JVNDB-2020-006806
value: HIGH

Trust: 0.8

CNNVD: CNNVD-202006-1055
value: HIGH

Trust: 0.6

VULHUB: VHN-183483
value: HIGH

Trust: 0.1

VULMON: CVE-2020-5358
value: HIGH

Trust: 0.1

nvd@nist.gov: CVE-2020-5358
severity: HIGH
baseScore: 7.2
vectorString: AV:L/AC:L/AU:N/C:C/I:C/A:C
accessVector: LOCAL
accessComplexity: LOW
authentication: NONE
confidentialityImpact: COMPLETE
integrityImpact: COMPLETE
availabilityImpact: COMPLETE
exploitabilityScore: 3.9
impactScore: 10.0
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 1.1

NVD: JVNDB-2020-006806
severity: HIGH
baseScore: 7.2
vectorString: AV:L/AC:L/AU:N/C:C/I:C/A:C
accessVector: LOCAL
accessComplexity: LOW
authentication: NONE
confidentialityImpact: COMPLETE
integrityImpact: COMPLETE
availabilityImpact: COMPLETE
exploitabilityScore: NONE
impactScore: NONE
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.8

VULHUB: VHN-183483
severity: HIGH
baseScore: 7.2
vectorString: AV:L/AC:L/AU:N/C:C/I:C/A:C
accessVector: LOCAL
accessComplexity: LOW
authentication: NONE
confidentialityImpact: COMPLETE
integrityImpact: COMPLETE
availabilityImpact: COMPLETE
exploitabilityScore: 3.9
impactScore: 10.0
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.1

nvd@nist.gov: CVE-2020-5358
baseSeverity: HIGH
baseScore: 7.8
vectorString: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
attackVector: LOCAL
attackComplexity: LOW
privilegesRequired: LOW
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: HIGH
integrityImpact: HIGH
availabilityImpact: HIGH
exploitabilityScore: 1.8
impactScore: 5.9
version: 3.1

Trust: 1.0

security_alert@emc.com: CVE-2020-5358
baseSeverity: MEDIUM
baseScore: 6.7
vectorString: CVSS:3.1/AV:L/AC:H/PR:L/UI:R/S:U/C:H/I:H/A:H
attackVector: LOCAL
attackComplexity: HIGH
privilegesRequired: LOW
userInteraction: REQUIRED
scope: UNCHANGED
confidentialityImpact: HIGH
integrityImpact: HIGH
availabilityImpact: HIGH
exploitabilityScore: 0.8
impactScore: 5.9
version: 3.1

Trust: 1.0

NVD: JVNDB-2020-006806
baseSeverity: HIGH
baseScore: 7.8
vectorString: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
attackVector: LOCAL
attackComplexity: LOW
privilegesRequired: LOW
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: HIGH
integrityImpact: HIGH
availabilityImpact: HIGH
exploitabilityScore: NONE
impactScore: NONE
version: 3.0

Trust: 0.8

sources: VULHUB: VHN-183483 // VULMON: CVE-2020-5358 // JVNDB: JVNDB-2020-006806 // CNNVD: CNNVD-202006-1055 // NVD: CVE-2020-5358 // NVD: CVE-2020-5358

PROBLEMTYPE DATA

problemtype:CWE-732

Trust: 1.9

sources: VULHUB: VHN-183483 // JVNDB: JVNDB-2020-006806 // NVD: CVE-2020-5358

THREAT TYPE

local

Trust: 0.6

sources: CNNVD: CNNVD-202006-1055

TYPE

other

Trust: 0.6

sources: CNNVD: CNNVD-202006-1055

CONFIGURATIONS

sources:
            
            
            JVNDB: JVNDB-2020-006806

PATCH
title:DSA-2020-113url:https://www.dell.com/support/article/SLN321789
Trust: 0.8
title:Dell Encryption  and Dell Endpoint Security Suite Security vulnerabilitiesurl:http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=122504
Trust: 0.6
sources:
            
            
            JVNDB: JVNDB-2020-006806 // 
            
            
            
            CNNVD: CNNVD-202006-1055

EXTERNAL IDS
db:NVDid:CVE-2020-5358
Trust: 2.6
db:JVNDBid:JVNDB-2020-006806
Trust: 0.8
db:CNNVDid:CNNVD-202006-1055
Trust: 0.7
db:VULHUBid:VHN-183483
Trust: 0.1
db:VULMONid:CVE-2020-5358
Trust: 0.1
sources:
            
            
            VULHUB: VHN-183483 // 
            
            
            
            VULMON: CVE-2020-5358 // 
            
            
            
            JVNDB: JVNDB-2020-006806 // 
            
            
            
            CNNVD: CNNVD-202006-1055 // 
            
            
            
            NVD: CVE-2020-5358

REFERENCES
url:https://www.dell.com/support/article/sln321789
Trust: 1.8
url:https://nvd.nist.gov/vuln/detail/cve-2020-5358
Trust: 1.4
url:https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2020-5358
Trust: 0.8
url:https://cwe.mitre.org/data/definitions/732.html
Trust: 0.1
url:https://nvd.nist.gov
Trust: 0.1
sources:
            
            
            VULHUB: VHN-183483 // 
            
            
            
            VULMON: CVE-2020-5358 // 
            
            
            
            JVNDB: JVNDB-2020-006806 // 
            
            
            
            CNNVD: CNNVD-202006-1055 // 
            
            
            
            NVD: CVE-2020-5358

SOURCES
db:VULHUBid:VHN-183483
db:VULMONid:CVE-2020-5358
db:JVNDBid:JVNDB-2020-006806
db:CNNVDid:CNNVD-202006-1055
db:NVDid:CVE-2020-5358

LAST UPDATE DATE
2024-11-23T23:01:21.373000+00:00

SOURCES UPDATE DATE
db:VULHUBid:VHN-183483date:2020-06-22T00:00:00
db:VULMONid:CVE-2020-5358date:2020-06-22T00:00:00
db:JVNDBid:JVNDB-2020-006806date:2020-07-17T00:00:00
db:CNNVDid:CNNVD-202006-1055date:2020-06-30T00:00:00
db:NVDid:CVE-2020-5358date:2024-11-21T05:33:58.590

SOURCES RELEASE DATE
db:VULHUBid:VHN-183483date:2020-06-15T00:00:00
db:VULMONid:CVE-2020-5358date:2020-06-15T00:00:00
db:JVNDBid:JVNDB-2020-006806date:2020-07-17T00:00:00
db:CNNVDid:CNNVD-202006-1055date:2020-06-15T00:00:00
db:NVDid:CVE-2020-5358date:2020-06-15T21:15:10.820