Details of VAR-202101-0513

ID

VAR-202101-0513

CVE

CVE-2020-29490

TITLE

plural Dell EMC Resource depletion vulnerability in the product

Trust: 0.8

sources: JVNDB: JVNDB-2020-015389

DESCRIPTION

Dell EMC Unity, Unity XT, and UnityVSA versions prior to 5.0.4.0.5.012 contain a Denial of Service vulnerability on NAS Servers with NFS exports. A remote authenticated attacker could potentially exploit this vulnerability and cause Denial of Service (Storage Processor Panic) by sending specially crafted UDP requests. DELL Dell EMC Unity and UnityVSA are both products of Dell (DELL). UnityVSA is a virtual Unity storage environment

Trust: 1.71

sources: NVD: CVE-2020-29490 // JVNDB: JVNDB-2020-015389 // VULHUB: VHN-376194

AFFECTED PRODUCTS

vendor:	dell	model:	emc unity xt operating environment	scope:	lt	version:	5.0.4.0.5.012	Trust: 1.0
vendor:	dell	model:	emc unity operating environment	scope:	lt	version:	5.0.4.0.5.012	Trust: 1.0
vendor:	dell	model:	emc unity vsa operating environment	scope:	lt	version:	5.0.4.0.5.012	Trust: 1.0
vendor:	デル	model:	dell emc unityvsa operating environment	scope:	eq	version:	5.0.4.0.5.012	Trust: 0.8
vendor:	デル	model:	dell emc unity xt operating environment	scope:	-	version:	-	Trust: 0.8
vendor:	デル	model:	dell emc unity operating environment	scope:	-	version:	-	Trust: 0.8

sources: JVNDB: JVNDB-2020-015389 // NVD: CVE-2020-29490

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov:	CVE-2020-29490
value:	MEDIUM
Trust: 1.0
security_alert@emc.com:	CVE-2020-29490
value:	HIGH
Trust: 1.0
NVD:	CVE-2020-29490
value:	MEDIUM
Trust: 0.8
CNNVD:	CNNVD-202101-291
value:	MEDIUM
Trust: 0.6
VULHUB:	VHN-376194
value:	MEDIUM
Trust: 0.1

nvd@nist.gov:	CVE-2020-29490
severity:	MEDIUM
baseScore:	4.0
vectorString:	AV:N/AC:L/AU:S/C:N/I:N/A:P
accessVector:	NETWORK
accessComplexity:	LOW
authentication:	SINGLE
confidentialityImpact:	NONE
integrityImpact:	NONE
availabilityImpact:	PARTIAL
exploitabilityScore:	8.0
impactScore:	2.9
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 1.8
VULHUB:	VHN-376194
severity:	MEDIUM
baseScore:	4.0
vectorString:	AV:N/AC:L/AU:S/C:N/I:N/A:P
accessVector:	NETWORK
accessComplexity:	LOW
authentication:	SINGLE
confidentialityImpact:	NONE
integrityImpact:	NONE
availabilityImpact:	PARTIAL
exploitabilityScore:	8.0
impactScore:	2.9
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 0.1

nvd@nist.gov:	CVE-2020-29490
baseSeverity:	MEDIUM
baseScore:	6.5
vectorString:	CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
attackVector:	NETWORK
attackComplexity:	LOW
privilegesRequired:	LOW
userInteraction:	NONE
scope:	UNCHANGED
confidentialityImpact:	NONE
integrityImpact:	NONE
availabilityImpact:	HIGH
exploitabilityScore:	2.8
impactScore:	3.6
version:	3.1
Trust: 1.0
security_alert@emc.com:	CVE-2020-29490
baseSeverity:	HIGH
baseScore:	7.5
vectorString:	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
attackVector:	NETWORK
attackComplexity:	LOW
privilegesRequired:	NONE
userInteraction:	NONE
scope:	UNCHANGED
confidentialityImpact:	NONE
integrityImpact:	NONE
availabilityImpact:	HIGH
exploitabilityScore:	3.9
impactScore:	3.6
version:	3.1
Trust: 1.0
NVD:	CVE-2020-29490
baseSeverity:	MEDIUM
baseScore:	6.5
vectorString:	CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
attackVector:	NETWORK
attackComplexity:	LOW
privilegesRequired:	LOW
userInteraction:	NONE
scope:	UNCHANGED
confidentialityImpact:	NONE
integrityImpact:	NONE
availabilityImpact:	HIGH
exploitabilityScore:	NONE
impactScore:	NONE
version:	3.0
Trust: 0.8

sources: VULHUB: VHN-376194 // JVNDB: JVNDB-2020-015389 // CNNVD: CNNVD-202101-291 // NVD: CVE-2020-29490 // NVD: CVE-2020-29490

PROBLEMTYPE DATA

problemtype:	CWE-400	Trust: 1.1
problemtype:	Resource exhaustion (CWE-400) [NVD Evaluation ]	Trust: 0.8

sources: VULHUB: VHN-376194 // JVNDB: JVNDB-2020-015389 // NVD: CVE-2020-29490

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-202101-291

TYPE

resource management error

Trust: 0.6

sources: CNNVD: CNNVD-202101-291

PATCH

title:	DSA-2020-276	url:	https://www.dell.com/support/kbdoc/ja-jp/000181248/dsa-2020-276-dell-emc-unity-security-update-for-multiple-vulnerabilitiesdsa-2020-276-dell-emc-unity-security-update-for-multiple-vulnerabilities	Trust: 0.8
title:	DELL Dell EMC Unity and UnityVSA Remediation of resource management error vulnerabilities	url:	http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=138927	Trust: 0.6

sources: JVNDB: JVNDB-2020-015389 // CNNVD: CNNVD-202101-291

EXTERNAL IDS

db:	NVD	id:	CVE-2020-29490	Trust: 2.5
db:	JVNDB	id:	JVNDB-2020-015389	Trust: 0.8
db:	CNNVD	id:	CNNVD-202101-291	Trust: 0.6
db:	VULHUB	id:	VHN-376194	Trust: 0.1

sources: VULHUB: VHN-376194 // JVNDB: JVNDB-2020-015389 // CNNVD: CNNVD-202101-291 // NVD: CVE-2020-29490

REFERENCES

url:	https://www.dell.com/support/kbdoc/000181248	Trust: 1.7
url:	https://nvd.nist.gov/vuln/detail/cve-2020-29490	Trust: 1.4

sources: VULHUB: VHN-376194 // JVNDB: JVNDB-2020-015389 // CNNVD: CNNVD-202101-291 // NVD: CVE-2020-29490

SOURCES

db:	VULHUB	id:	VHN-376194
db:	JVNDB	id:	JVNDB-2020-015389
db:	CNNVD	id:	CNNVD-202101-291
db:	NVD	id:	CVE-2020-29490

LAST UPDATE DATE

2024-11-23T21:35:00.230000+00:00

SOURCES UPDATE DATE

db:	VULHUB	id:	VHN-376194	date:	2021-01-12T00:00:00
db:	JVNDB	id:	JVNDB-2020-015389	date:	2021-09-21T07:17:00
db:	CNNVD	id:	CNNVD-202101-291	date:	2021-01-20T00:00:00
db:	NVD	id:	CVE-2020-29490	date:	2024-11-21T05:24:06.013

SOURCES RELEASE DATE

db:	VULHUB	id:	VHN-376194	date:	2021-01-05T00:00:00
db:	JVNDB	id:	JVNDB-2020-015389	date:	2021-09-21T00:00:00
db:	CNNVD	id:	CNNVD-202101-291	date:	2021-01-05T00:00:00
db:	NVD	id:	CVE-2020-29490	date:	2021-01-05T22:15:13.937