Sign-up

ID

VAR-202008-1057


CVE

CVE-2020-5385


TITLE

Dell Encryption and Dell Endpoint Security Suite Vulnerability in improper permission assignment for critical resources in

Trust: 0.8

sources: JVNDB: JVNDB-2020-010290

DESCRIPTION

Dell Encryption versions prior to 10.8 and Dell Endpoint Security Suite versions prior to 2.8 contain a privilege escalation vulnerability because of an incomplete fix for CVE-2020-5358. A local malicious user with low privileges could potentially exploit this vulnerability to gain elevated privilege on the affected system with the help of a symbolic link. (DoS) It may be put into a state. Dell Encryption is a suite of data protection solutions. The product includes features such as compliance management, authentication, disk data encryption, and port encryption. The product supports features such as automated threat prevention, detection, and response

Trust: 1.71

sources: NVD: CVE-2020-5385 // JVNDB: JVNDB-2020-010290 // VULHUB: VHN-183510

AFFECTED PRODUCTS

vendor:dellmodel:endpoint security suite enterprisescope:ltversion:2.8

Trust: 1.0

vendor:dellmodel:encryptionscope:ltversion:10.8

Trust: 1.0

vendor:dellmodel:encryption enterprisescope:eqversion:10.8

Trust: 0.8

vendor:dellmodel:endpoint security suite enterprisescope:eqversion:2.8

Trust: 0.8

sources: JVNDB: JVNDB-2020-010290 // NVD: CVE-2020-5385

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov: CVE-2020-5385
value: HIGH

Trust: 1.0

security_alert@emc.com: CVE-2020-5385
value: MEDIUM

Trust: 1.0

NVD: JVNDB-2020-010290
value: HIGH

Trust: 0.8

CNNVD: CNNVD-202008-950
value: HIGH

Trust: 0.6

VULHUB: VHN-183510
value: HIGH

Trust: 0.1

nvd@nist.gov: CVE-2020-5385
severity: HIGH
baseScore: 7.2
vectorString: AV:L/AC:L/AU:N/C:C/I:C/A:C
accessVector: LOCAL
accessComplexity: LOW
authentication: NONE
confidentialityImpact: COMPLETE
integrityImpact: COMPLETE
availabilityImpact: COMPLETE
exploitabilityScore: 3.9
impactScore: 10.0
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 1.0

NVD: JVNDB-2020-010290
severity: HIGH
baseScore: 7.2
vectorString: AV:L/AC:L/AU:N/C:C/I:C/A:C
accessVector: LOCAL
accessComplexity: LOW
authentication: NONE
confidentialityImpact: COMPLETE
integrityImpact: COMPLETE
availabilityImpact: COMPLETE
exploitabilityScore: NONE
impactScore: NONE
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.8

VULHUB: VHN-183510
severity: HIGH
baseScore: 7.2
vectorString: AV:L/AC:L/AU:N/C:C/I:C/A:C
accessVector: LOCAL
accessComplexity: LOW
authentication: NONE
confidentialityImpact: COMPLETE
integrityImpact: COMPLETE
availabilityImpact: COMPLETE
exploitabilityScore: 3.9
impactScore: 10.0
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.1

nvd@nist.gov: CVE-2020-5385
baseSeverity: HIGH
baseScore: 7.8
vectorString: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
attackVector: LOCAL
attackComplexity: LOW
privilegesRequired: LOW
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: HIGH
integrityImpact: HIGH
availabilityImpact: HIGH
exploitabilityScore: 1.8
impactScore: 5.9
version: 3.1

Trust: 1.0

security_alert@emc.com: CVE-2020-5385
baseSeverity: MEDIUM
baseScore: 6.7
vectorString: CVSS:3.1/AV:L/AC:H/PR:L/UI:R/S:U/C:H/I:H/A:H
attackVector: LOCAL
attackComplexity: HIGH
privilegesRequired: LOW
userInteraction: REQUIRED
scope: UNCHANGED
confidentialityImpact: HIGH
integrityImpact: HIGH
availabilityImpact: HIGH
exploitabilityScore: 0.8
impactScore: 5.9
version: 3.1

Trust: 1.0

NVD: JVNDB-2020-010290
baseSeverity: HIGH
baseScore: 7.8
vectorString: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
attackVector: LOCAL
attackComplexity: LOW
privilegesRequired: LOW
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: HIGH
integrityImpact: HIGH
availabilityImpact: HIGH
exploitabilityScore: NONE
impactScore: NONE
version: 3.0

Trust: 0.8

sources: VULHUB: VHN-183510 // JVNDB: JVNDB-2020-010290 // CNNVD: CNNVD-202008-950 // NVD: CVE-2020-5385 // NVD: CVE-2020-5385

PROBLEMTYPE DATA

problemtype:CWE-732

Trust: 1.9

sources: VULHUB: VHN-183510 // JVNDB: JVNDB-2020-010290 // NVD: CVE-2020-5385

THREAT TYPE

local

Trust: 0.6

sources: CNNVD: CNNVD-202008-950

TYPE

other

Trust: 0.6

sources: CNNVD: CNNVD-202008-950

CONFIGURATIONS

sources:
            
            
            JVNDB: JVNDB-2020-010290

PATCH
title:DSA-2020-185url:https://www.dell.com/support/article/ja-jp/sln322456/dsa-2020-185-dell-encryption-and-dell-endpoint-security-suite-permissions-privileges-and-access-controls-vulnerability?lang=en
Trust: 0.8
title:Dell Encryption  and Dell Endpoint Security Suite Security vulnerabilitiesurl:http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=126587
Trust: 0.6
sources:
            
            
            JVNDB: JVNDB-2020-010290 // 
            
            
            
            CNNVD: CNNVD-202008-950

EXTERNAL IDS
db:NVDid:CVE-2020-5385
Trust: 2.5
db:JVNDBid:JVNDB-2020-010290
Trust: 0.8
db:CNNVDid:CNNVD-202008-950
Trust: 0.7
db:VULHUBid:VHN-183510
Trust: 0.1
sources:
            
            
            VULHUB: VHN-183510 // 
            
            
            
            JVNDB: JVNDB-2020-010290 // 
            
            
            
            CNNVD: CNNVD-202008-950 // 
            
            
            
            NVD: CVE-2020-5385

REFERENCES
url:https://www.dell.com/support/article/sln322456
Trust: 1.7
url:https://nvd.nist.gov/vuln/detail/cve-2020-5385
Trust: 1.4
url:https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2020-5385
Trust: 0.8
sources:
            
            
            VULHUB: VHN-183510 // 
            
            
            
            JVNDB: JVNDB-2020-010290 // 
            
            
            
            CNNVD: CNNVD-202008-950 // 
            
            
            
            NVD: CVE-2020-5385

SOURCES
db:VULHUBid:VHN-183510
db:JVNDBid:JVNDB-2020-010290
db:CNNVDid:CNNVD-202008-950
db:NVDid:CVE-2020-5385

LAST UPDATE DATE
2024-11-23T22:40:58.228000+00:00

SOURCES UPDATE DATE
db:VULHUBid:VHN-183510date:2020-08-26T00:00:00
db:JVNDBid:JVNDB-2020-010290date:2021-01-05T07:24:55
db:CNNVDid:CNNVD-202008-950date:2020-08-27T00:00:00
db:NVDid:CVE-2020-5385date:2024-11-21T05:34:02.353

SOURCES RELEASE DATE
db:VULHUBid:VHN-183510date:2020-08-18T00:00:00
db:JVNDBid:JVNDB-2020-010290date:2021-01-05T07:24:55
db:CNNVDid:CNNVD-202008-950date:2020-08-18T00:00:00
db:NVDid:CVE-2020-5385date:2020-08-18T21:15:12.363