Details of VAR-202101-0523

ID

VAR-202101-0523

CVE

CVE-2020-29501

TITLE

Dell EMC PowerStore Vulnerability of important information in plaintext

Trust: 0.8

sources: JVNDB: JVNDB-2020-015139

DESCRIPTION

Dell EMC PowerStore versions prior to 1.0.3.0.5.007 contain a Plain-Text Password Storage Vulnerability in PowerStore X & T environments. A locally authenticated attacker could potentially exploit this vulnerability, leading to the disclosure of certain user credentials. The attacker may be able to use the exposed credentials to access the vulnerable application with privileges of the compromised account. Dell EMC PowerStore Contains a vulnerability in the plaintext storage of important information.Information is obtained, information is tampered with, and service is disrupted (DoS) It may be put into a state. Dell EMC PowerStore is a storage device of Dell (Dell) in the United States. The vulnerability stems from the fact that the program stores passwords in clear text

Trust: 2.16

sources: NVD: CVE-2020-29501 // JVNDB: JVNDB-2020-015139 // CNVD: CNVD-2021-13943

IOT TAXONOMY

category:

['Network device']

sub_category:

Trust: 0.6

sources: CNVD: CNVD-2021-13943

AFFECTED PRODUCTS

vendor:	dell	model:	emc powerstore	scope:	lt	version:	1.0.3.0.5.007	Trust: 1.6
vendor:	デル	model:	emc powerstore	scope:	eq	version:	emc powerstore firmware 1.0.3.0.5.007	Trust: 0.8
vendor:	デル	model:	emc powerstore	scope:	eq	version:	-	Trust: 0.8

sources: CNVD: CNVD-2021-13943 // JVNDB: JVNDB-2020-015139 // NVD: CVE-2020-29501

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov:	CVE-2020-29501
value:	MEDIUM
Trust: 1.0
security_alert@emc.com:	CVE-2020-29501
value:	MEDIUM
Trust: 1.0
NVD:	CVE-2020-29501
value:	MEDIUM
Trust: 0.8
CNVD:	CNVD-2021-13943
value:	MEDIUM
Trust: 0.6
CNNVD:	CNNVD-202101-283
value:	MEDIUM
Trust: 0.6

nvd@nist.gov:	CVE-2020-29501
severity:	MEDIUM
baseScore:	4.6
vectorString:	AV:L/AC:L/AU:N/C:P/I:P/A:P
accessVector:	LOCAL
accessComplexity:	LOW
authentication:	NONE
confidentialityImpact:	PARTIAL
integrityImpact:	PARTIAL
availabilityImpact:	PARTIAL
exploitabilityScore:	3.9
impactScore:	6.4
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 1.8
CNVD:	CNVD-2021-13943
severity:	MEDIUM
baseScore:	4.6
vectorString:	AV:L/AC:L/AU:N/C:P/I:P/A:P
accessVector:	LOCAL
accessComplexity:	LOW
authentication:	NONE
confidentialityImpact:	PARTIAL
integrityImpact:	PARTIAL
availabilityImpact:	PARTIAL
exploitabilityScore:	3.9
impactScore:	6.4
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 0.6

nvd@nist.gov:	CVE-2020-29501
baseSeverity:	MEDIUM
baseScore:	6.7
vectorString:	CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H
attackVector:	LOCAL
attackComplexity:	LOW
privilegesRequired:	HIGH
userInteraction:	NONE
scope:	UNCHANGED
confidentialityImpact:	HIGH
integrityImpact:	HIGH
availabilityImpact:	HIGH
exploitabilityScore:	0.8
impactScore:	5.9
version:	3.1
Trust: 1.0
security_alert@emc.com:	CVE-2020-29501
baseSeverity:	MEDIUM
baseScore:	6.4
vectorString:	CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:U/C:H/I:H/A:H
attackVector:	LOCAL
attackComplexity:	HIGH
privilegesRequired:	HIGH
userInteraction:	NONE
scope:	UNCHANGED
confidentialityImpact:	HIGH
integrityImpact:	HIGH
availabilityImpact:	HIGH
exploitabilityScore:	0.5
impactScore:	5.9
version:	3.1
Trust: 1.0
NVD:	CVE-2020-29501
baseSeverity:	MEDIUM
baseScore:	6.7
vectorString:	CVSS:3.0/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H
attackVector:	LOCAL
attackComplexity:	LOW
privilegesRequired:	HIGH
userInteraction:	NONE
scope:	UNCHANGED
confidentialityImpact:	HIGH
integrityImpact:	HIGH
availabilityImpact:	HIGH
exploitabilityScore:	NONE
impactScore:	NONE
version:	3.0
Trust: 0.8

sources: CNVD: CNVD-2021-13943 // JVNDB: JVNDB-2020-015139 // CNNVD: CNNVD-202101-283 // NVD: CVE-2020-29501 // NVD: CVE-2020-29501

PROBLEMTYPE DATA

problemtype:	CWE-312	Trust: 1.0
problemtype:	Plaintext storage of important information (CWE-312) [NVD Evaluation ]	Trust: 0.8

sources: JVNDB: JVNDB-2020-015139 // NVD: CVE-2020-29501

THREAT TYPE

local

Trust: 0.6

sources: CNNVD: CNNVD-202101-283

TYPE

other

Trust: 0.6

sources: CNNVD: CNNVD-202101-283

PATCH

title:	DSA-2020-284	url:	https://www.dell.com/support/kbdoc/ja-jp/000180775/dsa-2020-284-dell-emc-powerstore-family-multiple-security-vulnerabilities	Trust: 0.8
title:	Patch for Dell EMC PowerStore Information Disclosure Vulnerability (CNVD-2021-13943)	url:	https://www.cnvd.org.cn/patchInfo/show/250306	Trust: 0.6
title:	Dell EMC PowerStore Security vulnerabilities	url:	http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=138434	Trust: 0.6

sources: CNVD: CNVD-2021-13943 // JVNDB: JVNDB-2020-015139 // CNNVD: CNNVD-202101-283

EXTERNAL IDS

db:	NVD	id:	CVE-2020-29501	Trust: 3.0
db:	JVNDB	id:	JVNDB-2020-015139	Trust: 0.8
db:	CNVD	id:	CNVD-2021-13943	Trust: 0.6
db:	CNNVD	id:	CNNVD-202101-283	Trust: 0.6

sources: CNVD: CNVD-2021-13943 // JVNDB: JVNDB-2020-015139 // CNNVD: CNNVD-202101-283 // NVD: CVE-2020-29501

REFERENCES

url:	https://nvd.nist.gov/vuln/detail/cve-2020-29501	Trust: 2.0
url:	https://www.dell.com/support/kbdoc/000180775	Trust: 1.6

sources: CNVD: CNVD-2021-13943 // JVNDB: JVNDB-2020-015139 // CNNVD: CNNVD-202101-283 // NVD: CVE-2020-29501

SOURCES

db:	CNVD	id:	CNVD-2021-13943
db:	JVNDB	id:	JVNDB-2020-015139
db:	CNNVD	id:	CNNVD-202101-283
db:	NVD	id:	CVE-2020-29501

LAST UPDATE DATE

2024-11-23T22:51:08.438000+00:00

SOURCES UPDATE DATE

db:	CNVD	id:	CNVD-2021-13943	date:	2021-03-02T00:00:00
db:	JVNDB	id:	JVNDB-2020-015139	date:	2021-09-10T08:55:00
db:	CNNVD	id:	CNNVD-202101-283	date:	2021-01-12T00:00:00
db:	NVD	id:	CVE-2020-29501	date:	2024-11-21T05:24:07.697

SOURCES RELEASE DATE

db:	CNVD	id:	CNVD-2021-13943	date:	2021-03-02T00:00:00
db:	JVNDB	id:	JVNDB-2020-015139	date:	2021-09-10T00:00:00
db:	CNNVD	id:	CNNVD-202101-283	date:	2021-01-05T00:00:00
db:	NVD	id:	CVE-2020-29501	date:	2021-01-05T22:15:14.093