Details of VAR-202007-1281

ID

VAR-202007-1281

CVE

CVE-2020-5368

TITLE

Dell EMC VxRail Vulnerability regarding lack of authentication in

Trust: 0.8

sources: JVNDB: JVNDB-2020-007624

DESCRIPTION

Dell EMC VxRail versions 4.7.410 and 4.7.411 contain an improper authentication vulnerability. A remote unauthenticated attacker may exploit this vulnerability to obtain sensitive information in an encrypted form. Dell EMC VxRail is a VMware hyper-converged infrastructure equipment from Dell (Dell). The product includes computing, storage, network, and virtualization resources

Trust: 2.16

sources: NVD: CVE-2020-5368 // JVNDB: JVNDB-2020-007624 // CNVD: CNVD-2021-00039

IOT TAXONOMY

category:

['Network device']

sub_category:

Trust: 0.6

sources: CNVD: CNVD-2021-00039

AFFECTED PRODUCTS

vendor:	dell	model:	vxrail d560	scope:	eq	version:	4.7.410	Trust: 1.8
vendor:	dell	model:	vxrail d560	scope:	eq	version:	4.7.411	Trust: 1.8
vendor:	dell	model:	vxrail d560f	scope:	eq	version:	4.7.410	Trust: 1.8
vendor:	dell	model:	vxrail d560f	scope:	eq	version:	4.7.411	Trust: 1.8
vendor:	dell	model:	vxrail d560	scope:	eq	version:	4.7.510	Trust: 1.0
vendor:	dell	model:	vxrail d560f	scope:	eq	version:	4.7.510	Trust: 1.0
vendor:	dell	model:	emc vxrail	scope:	eq	version:	4.7.410	Trust: 0.6
vendor:	dell	model:	emc vxrail	scope:	eq	version:	4.7.411	Trust: 0.6

sources: CNVD: CNVD-2021-00039 // JVNDB: JVNDB-2020-007624 // NVD: CVE-2020-5368

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov:	CVE-2020-5368
value:	HIGH
Trust: 1.0
security_alert@emc.com:	CVE-2020-5368
value:	CRITICAL
Trust: 1.0
NVD:	JVNDB-2020-007624
value:	HIGH
Trust: 0.8
CNVD:	CNVD-2021-00039
value:	MEDIUM
Trust: 0.6
CNNVD:	CNNVD-202007-264
value:	HIGH
Trust: 0.6

nvd@nist.gov:	CVE-2020-5368
severity:	MEDIUM
baseScore:	5.0
vectorString:	AV:N/AC:L/AU:N/C:P/I:N/A:N
accessVector:	NETWORK
accessComplexity:	LOW
authentication:	NONE
confidentialityImpact:	PARTIAL
integrityImpact:	NONE
availabilityImpact:	NONE
exploitabilityScore:	10.0
impactScore:	2.9
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 1.0
NVD:	JVNDB-2020-007624
severity:	MEDIUM
baseScore:	5.0
vectorString:	AV:N/AC:L/AU:N/C:P/I:N/A:N
accessVector:	NETWORK
accessComplexity:	LOW
authentication:	NONE
confidentialityImpact:	PARTIAL
integrityImpact:	NONE
availabilityImpact:	NONE
exploitabilityScore:	NONE
impactScore:	NONE
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 0.8
CNVD:	CNVD-2021-00039
severity:	MEDIUM
baseScore:	5.0
vectorString:	AV:N/AC:L/AU:N/C:P/I:N/A:N
accessVector:	NETWORK
accessComplexity:	LOW
authentication:	NONE
confidentialityImpact:	PARTIAL
integrityImpact:	NONE
availabilityImpact:	NONE
exploitabilityScore:	10.0
impactScore:	2.9
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 0.6

nvd@nist.gov:	CVE-2020-5368
baseSeverity:	HIGH
baseScore:	7.5
vectorString:	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
attackVector:	NETWORK
attackComplexity:	LOW
privilegesRequired:	NONE
userInteraction:	NONE
scope:	UNCHANGED
confidentialityImpact:	HIGH
integrityImpact:	NONE
availabilityImpact:	NONE
exploitabilityScore:	3.9
impactScore:	3.6
version:	3.1
Trust: 1.0
security_alert@emc.com:	CVE-2020-5368
baseSeverity:	CRITICAL
baseScore:	9.8
vectorString:	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
attackVector:	NETWORK
attackComplexity:	LOW
privilegesRequired:	NONE
userInteraction:	NONE
scope:	UNCHANGED
confidentialityImpact:	HIGH
integrityImpact:	HIGH
availabilityImpact:	HIGH
exploitabilityScore:	3.9
impactScore:	5.9
version:	3.1
Trust: 1.0
NVD:	JVNDB-2020-007624
baseSeverity:	HIGH
baseScore:	7.5
vectorString:	CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
attackVector:	NETWORK
attackComplexity:	LOW
privilegesRequired:	NONE
userInteraction:	NONE
scope:	UNCHANGED
confidentialityImpact:	HIGH
integrityImpact:	NONE
availabilityImpact:	NONE
exploitabilityScore:	NONE
impactScore:	NONE
version:	3.0
Trust: 0.8

sources: CNVD: CNVD-2021-00039 // JVNDB: JVNDB-2020-007624 // CNNVD: CNNVD-202007-264 // NVD: CVE-2020-5368 // NVD: CVE-2020-5368

PROBLEMTYPE DATA

problemtype:

CWE-862

Trust: 1.8

sources: JVNDB: JVNDB-2020-007624 // NVD: CVE-2020-5368

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-202007-264

TYPE

other

Trust: 0.6

sources: CNNVD: CNNVD-202007-264

CONFIGURATIONS

sources: JVNDB: JVNDB-2020-007624

PATCH

title:	DSA-2020-136: Dell EMC VxRail Appliance Improper Authentication Vulnerability	url:	https://www.dell.com/support/security/en-us/details/544058/DSA-2020-136-Dell-EMC-VxRail-Appliance-Improper-Authentication-Vulnerability	Trust: 0.8
title:	Patch for Dell EMC VxRail incorrect authentication vulnerability	url:	https://www.cnvd.org.cn/patchInfo/show/243088	Trust: 0.6
title:	Dell EMC VxRail Security vulnerabilities	url:	http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=123617	Trust: 0.6

sources: CNVD: CNVD-2021-00039 // JVNDB: JVNDB-2020-007624 // CNNVD: CNNVD-202007-264

EXTERNAL IDS

db:	NVD	id:	CVE-2020-5368	Trust: 3.0
db:	JVNDB	id:	JVNDB-2020-007624	Trust: 0.8
db:	CNVD	id:	CNVD-2021-00039	Trust: 0.6
db:	NSFOCUS	id:	47098	Trust: 0.6
db:	CNNVD	id:	CNNVD-202007-264	Trust: 0.6

sources: CNVD: CNVD-2021-00039 // JVNDB: JVNDB-2020-007624 // CNNVD: CNNVD-202007-264 // NVD: CVE-2020-5368

REFERENCES

url:	https://nvd.nist.gov/vuln/detail/cve-2020-5368	Trust: 2.0
url:	https://www.dell.com/support/security/en-us/details/544058/dsa-2020-136-dell-emc-vxrail-appliance-improper-authentication-vulnerability	Trust: 1.6
url:	https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2020-5368	Trust: 0.8
url:	http://www.nsfocus.net/vulndb/47098	Trust: 0.6

sources: CNVD: CNVD-2021-00039 // JVNDB: JVNDB-2020-007624 // CNNVD: CNNVD-202007-264 // NVD: CVE-2020-5368

SOURCES

db:	CNVD	id:	CNVD-2021-00039
db:	JVNDB	id:	JVNDB-2020-007624
db:	CNNVD	id:	CNNVD-202007-264
db:	NVD	id:	CVE-2020-5368

LAST UPDATE DATE

2024-11-23T21:59:08.455000+00:00

SOURCES UPDATE DATE

db:	CNVD	id:	CNVD-2021-00039	date:	2021-01-02T00:00:00
db:	JVNDB	id:	JVNDB-2020-007624	date:	2020-08-18T00:00:00
db:	CNNVD	id:	CNNVD-202007-264	date:	2020-07-14T00:00:00
db:	NVD	id:	CVE-2020-5368	date:	2024-11-21T05:34:00.763

SOURCES RELEASE DATE

db:	CNVD	id:	CNVD-2021-00039	date:	2021-01-02T00:00:00
db:	JVNDB	id:	JVNDB-2020-007624	date:	2020-08-18T00:00:00
db:	CNNVD	id:	CNNVD-202007-264	date:	2020-07-06T00:00:00
db:	NVD	id:	CVE-2020-5368	date:	2020-07-06T18:15:20.950