Details of VAR-202101-0522

ID

VAR-202101-0522

CVE

CVE-2020-29500

TITLE

Dell EMC PowerStore Information Disclosure Vulnerability

Trust: 1.2

sources: CNVD: CNVD-2021-02359 // CNNVD: CNNVD-202101-292

DESCRIPTION

Dell EMC PowerStore versions prior to 1.0.3.0.5.007 contain a Plain-Text Password Storage Vulnerability in PowerStore T environments. A locally authenticated attacker could potentially exploit this vulnerability, leading to the disclosure of certain user credentials. The attacker may be able to use the exposed credentials to access the vulnerable application with privileges of the compromised account. Dell EMC PowerStore Contains a vulnerability in the plaintext storage of important information.Information is obtained, information is tampered with, and service is disrupted (DoS) It may be put into a state. Dell EMC PowerStore is a storage device of Dell (Dell) in the United States

Trust: 2.16

sources: NVD: CVE-2020-29500 // JVNDB: JVNDB-2020-015138 // CNVD: CNVD-2021-02359

IOT TAXONOMY

category:

['Network device']

sub_category:

Trust: 0.6

sources: CNVD: CNVD-2021-02359

AFFECTED PRODUCTS

vendor:	dell	model:	emc powerstore	scope:	lt	version:	1.0.3.0.5.007	Trust: 1.6
vendor:	デル	model:	emc powerstore	scope:	eq	version:	emc powerstore firmware 1.0.3.0.5.007	Trust: 0.8
vendor:	デル	model:	emc powerstore	scope:	eq	version:	-	Trust: 0.8

sources: CNVD: CNVD-2021-02359 // JVNDB: JVNDB-2020-015138 // NVD: CVE-2020-29500

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov:	CVE-2020-29500
value:	MEDIUM
Trust: 1.0
security_alert@emc.com:	CVE-2020-29500
value:	HIGH
Trust: 1.0
NVD:	CVE-2020-29500
value:	MEDIUM
Trust: 0.8
CNVD:	CNVD-2021-02359
value:	MEDIUM
Trust: 0.6
CNNVD:	CNNVD-202101-292
value:	MEDIUM
Trust: 0.6

nvd@nist.gov:	CVE-2020-29500
severity:	MEDIUM
baseScore:	4.6
vectorString:	AV:L/AC:L/AU:N/C:P/I:P/A:P
accessVector:	LOCAL
accessComplexity:	LOW
authentication:	NONE
confidentialityImpact:	PARTIAL
integrityImpact:	PARTIAL
availabilityImpact:	PARTIAL
exploitabilityScore:	3.9
impactScore:	6.4
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 1.8
CNVD:	CNVD-2021-02359
severity:	MEDIUM
baseScore:	4.6
vectorString:	AV:L/AC:L/AU:N/C:P/I:P/A:P
accessVector:	LOCAL
accessComplexity:	LOW
authentication:	NONE
confidentialityImpact:	PARTIAL
integrityImpact:	PARTIAL
availabilityImpact:	PARTIAL
exploitabilityScore:	3.9
impactScore:	6.4
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 0.6

nvd@nist.gov:	CVE-2020-29500
baseSeverity:	MEDIUM
baseScore:	6.7
vectorString:	CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H
attackVector:	LOCAL
attackComplexity:	LOW
privilegesRequired:	HIGH
userInteraction:	NONE
scope:	UNCHANGED
confidentialityImpact:	HIGH
integrityImpact:	HIGH
availabilityImpact:	HIGH
exploitabilityScore:	0.8
impactScore:	5.9
version:	3.1
Trust: 1.0
security_alert@emc.com:	CVE-2020-29500
baseSeverity:	HIGH
baseScore:	7.5
vectorString:	CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:C/C:H/I:H/A:H
attackVector:	LOCAL
attackComplexity:	HIGH
privilegesRequired:	HIGH
userInteraction:	NONE
scope:	CHANGED
confidentialityImpact:	HIGH
integrityImpact:	HIGH
availabilityImpact:	HIGH
exploitabilityScore:	0.8
impactScore:	6.0
version:	3.1
Trust: 1.0
NVD:	CVE-2020-29500
baseSeverity:	MEDIUM
baseScore:	6.7
vectorString:	CVSS:3.0/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H
attackVector:	LOCAL
attackComplexity:	LOW
privilegesRequired:	HIGH
userInteraction:	NONE
scope:	UNCHANGED
confidentialityImpact:	HIGH
integrityImpact:	HIGH
availabilityImpact:	HIGH
exploitabilityScore:	NONE
impactScore:	NONE
version:	3.0
Trust: 0.8

sources: CNVD: CNVD-2021-02359 // JVNDB: JVNDB-2020-015138 // CNNVD: CNNVD-202101-292 // NVD: CVE-2020-29500 // NVD: CVE-2020-29500

PROBLEMTYPE DATA

problemtype:	CWE-312	Trust: 1.0
problemtype:	Plaintext storage of important information (CWE-312) [NVD Evaluation ]	Trust: 0.8

sources: JVNDB: JVNDB-2020-015138 // NVD: CVE-2020-29500

THREAT TYPE

local

Trust: 0.6

sources: CNNVD: CNNVD-202101-292

TYPE

information disclosure

Trust: 0.6

sources: CNNVD: CNNVD-202101-292

PATCH

title:	DSA-2020-284	url:	https://www.dell.com/support/kbdoc/ja-jp/000180775/dsa-2020-284-dell-emc-powerstore-family-multiple-security-vulnerabilities	Trust: 0.8
title:	Patch for Dell EMC PowerStore Information Disclosure Vulnerability	url:	https://www.cnvd.org.cn/patchInfo/show/243634	Trust: 0.6
title:	Dell EMC PowerStore Repair measures for information disclosure vulnerabilities	url:	http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=138928	Trust: 0.6

sources: CNVD: CNVD-2021-02359 // JVNDB: JVNDB-2020-015138 // CNNVD: CNNVD-202101-292

EXTERNAL IDS

db:	NVD	id:	CVE-2020-29500	Trust: 3.0
db:	JVNDB	id:	JVNDB-2020-015138	Trust: 0.8
db:	CNVD	id:	CNVD-2021-02359	Trust: 0.6
db:	CNNVD	id:	CNNVD-202101-292	Trust: 0.6

sources: CNVD: CNVD-2021-02359 // JVNDB: JVNDB-2020-015138 // CNNVD: CNNVD-202101-292 // NVD: CVE-2020-29500

REFERENCES

url:	https://nvd.nist.gov/vuln/detail/cve-2020-29500	Trust: 2.0
url:	https://www.dell.com/support/kbdoc/000180775	Trust: 1.6

sources: CNVD: CNVD-2021-02359 // JVNDB: JVNDB-2020-015138 // CNNVD: CNNVD-202101-292 // NVD: CVE-2020-29500

SOURCES

db:	CNVD	id:	CNVD-2021-02359
db:	JVNDB	id:	JVNDB-2020-015138
db:	CNNVD	id:	CNNVD-202101-292
db:	NVD	id:	CVE-2020-29500

LAST UPDATE DATE

2024-11-23T22:37:10.329000+00:00

SOURCES UPDATE DATE

db:	CNVD	id:	CNVD-2021-02359	date:	2021-01-13T00:00:00
db:	JVNDB	id:	JVNDB-2020-015138	date:	2021-09-10T08:55:00
db:	CNNVD	id:	CNNVD-202101-292	date:	2021-01-12T00:00:00
db:	NVD	id:	CVE-2020-29500	date:	2024-11-21T05:24:07.560

SOURCES RELEASE DATE

db:	CNVD	id:	CNVD-2021-02359	date:	2021-01-10T00:00:00
db:	JVNDB	id:	JVNDB-2020-015138	date:	2021-09-10T00:00:00
db:	CNNVD	id:	CNNVD-202101-292	date:	2021-01-05T00:00:00
db:	NVD	id:	CVE-2020-29500	date:	2021-01-05T22:15:14