Sign-up

ID

VAR-202107-0410


CVE

CVE-2020-5341


TITLE

Dell EMC Avamar Server  and  Dell EMC Integrated Data Protection Appliance  Untrusted Data Deserialization Vulnerability in

Trust: 0.8

sources: JVNDB: JVNDB-2021-012451

DESCRIPTION

Deserialization of Untrusted Data Vulnerability Dell EMC Avamar Server versions 7.4.1, 7.5.0, 7.5.1, 18.2, 19.1 and 19.2 and Dell EMC Integrated Data Protection Appliance versions 2.0, 2.1, 2.2, 2.3, 2.4 and 2.4.1 contain a Deserialization of Untrusted Data Vulnerability. A remote unauthenticated attacker could exploit this vulnerability to send a serialized payload that would execute code on the system. (DoS) It may be in a state. Dell EMC Avamar Server is a set of fully virtualized backup and recovery software for servers from Dell

Trust: 1.8

sources: NVD: CVE-2020-5341 // JVNDB: JVNDB-2021-012451 // VULHUB: VHN-183466 // VULMON: CVE-2020-5341

AFFECTED PRODUCTS

vendor:dellmodel:emc integrated data protection appliancescope:eqversion:2.4.1

Trust: 1.0

vendor:dellmodel:emc avamar serverscope:eqversion:7.4.1

Trust: 1.0

vendor:dellmodel:emc avamar serverscope:eqversion:7.5.0

Trust: 1.0

vendor:dellmodel:emc integrated data protection appliancescope:eqversion:2.1

Trust: 1.0

vendor:dellmodel:emc avamar serverscope:eqversion:19.2

Trust: 1.0

vendor:dellmodel:emc integrated data protection appliancescope:eqversion:2.0

Trust: 1.0

vendor:dellmodel:emc avamar serverscope:eqversion:18.1

Trust: 1.0

vendor:dellmodel:emc integrated data protection appliancescope:eqversion:2.4

Trust: 1.0

vendor:dellmodel:emc integrated data protection appliancescope:eqversion:2.2

Trust: 1.0

vendor:dellmodel:emc avamar serverscope:eqversion:18.2

Trust: 1.0

vendor:dellmodel:emc integrated data protection appliancescope:eqversion:2.3

Trust: 1.0

vendor:dellmodel:emc avamar serverscope:eqversion:7.5.1

Trust: 1.0

vendor:dellmodel:emc avamar serverscope:eqversion:19.1

Trust: 1.0

vendor:デルmodel:dell emc integrated data protection appliancescope: - version: -

Trust: 0.8

vendor:デルmodel:dell emc avamar serverscope: - version: -

Trust: 0.8

sources: JVNDB: JVNDB-2021-012451 // NVD: CVE-2020-5341

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov: CVE-2020-5341
value: CRITICAL

Trust: 1.0

security_alert@emc.com: CVE-2020-5341
value: CRITICAL

Trust: 1.0

NVD: CVE-2020-5341
value: CRITICAL

Trust: 0.8

CNNVD: CNNVD-202003-049
value: CRITICAL

Trust: 0.6

VULHUB: VHN-183466
value: HIGH

Trust: 0.1

VULMON: CVE-2020-5341
value: HIGH

Trust: 0.1

nvd@nist.gov: CVE-2020-5341
severity: HIGH
baseScore: 10.0
vectorString: AV:N/AC:L/AU:N/C:C/I:C/A:C
accessVector: NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: COMPLETE
integrityImpact: COMPLETE
availabilityImpact: COMPLETE
exploitabilityScore: 10.0
impactScore: 10.0
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 1.9

VULHUB: VHN-183466
severity: HIGH
baseScore: 10.0
vectorString: AV:N/AC:L/AU:N/C:C/I:C/A:C
accessVector: NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: COMPLETE
integrityImpact: COMPLETE
availabilityImpact: COMPLETE
exploitabilityScore: 10.0
impactScore: 10.0
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.1

nvd@nist.gov: CVE-2020-5341
baseSeverity: CRITICAL
baseScore: 9.8
vectorString: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
attackVector: NETWORK
attackComplexity: LOW
privilegesRequired: NONE
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: HIGH
integrityImpact: HIGH
availabilityImpact: HIGH
exploitabilityScore: 3.9
impactScore: 5.9
version: 3.1

Trust: 2.0

OTHER: JVNDB-2021-012451
baseSeverity: CRITICAL
baseScore: 9.8
vectorString: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
attackVector: NETWORK
attackComplexity: LOW
privilegesRequired: NONE
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: HIGH
integrityImpact: HIGH
availabilityImpact: HIGH
exploitabilityScore: NONE
impactScore: NONE
version: 3.0

Trust: 0.8

sources: VULHUB: VHN-183466 // VULMON: CVE-2020-5341 // JVNDB: JVNDB-2021-012451 // CNNVD: CNNVD-202003-049 // NVD: CVE-2020-5341 // NVD: CVE-2020-5341

PROBLEMTYPE DATA

problemtype:CWE-502

Trust: 1.1

problemtype:Deserialization of untrusted data (CWE-502) [NVD evaluation ]

Trust: 0.8

sources: VULHUB: VHN-183466 // JVNDB: JVNDB-2021-012451 // NVD: CVE-2020-5341

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-202003-049

TYPE

code problem

Trust: 0.6

sources: CNNVD: CNNVD-202003-049

PATCH

title:top pageurl:https://www.dell.com/ja-jp

Trust: 0.8

title:Dell EMC Avamar Server Security vulnerabilitiesurl:http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=110933

Trust: 0.6

sources: JVNDB: JVNDB-2021-012451 // CNNVD: CNNVD-202003-049

EXTERNAL IDS

db:NVDid:CVE-2020-5341

Trust: 3.4

db:JVNDBid:JVNDB-2021-012451

Trust: 0.8

db:CNNVDid:CNNVD-202003-049

Trust: 0.7

db:VULHUBid:VHN-183466

Trust: 0.1

db:VULMONid:CVE-2020-5341

Trust: 0.1

sources: VULHUB: VHN-183466 // VULMON: CVE-2020-5341 // JVNDB: JVNDB-2021-012451 // CNNVD: CNNVD-202003-049 // NVD: CVE-2020-5341

REFERENCES

url:https://www.dell.com/support/security/en-us/details/541677/dsa-2020-057-dell-emc-avamar-server-deserialization-of-untrusted-data-vulnerability

Trust: 1.8

url:https://nvd.nist.gov/vuln/detail/cve-2020-5341

Trust: 1.4

url:https://vigilance.fr/vulnerability/dell-emc-avamar-server-code-execution-via-deserialization-31714

Trust: 0.6

url:https://cwe.mitre.org/data/definitions/502.html

Trust: 0.1

url:https://nvd.nist.gov

Trust: 0.1

sources: VULHUB: VHN-183466 // VULMON: CVE-2020-5341 // JVNDB: JVNDB-2021-012451 // CNNVD: CNNVD-202003-049 // NVD: CVE-2020-5341

SOURCES

db:VULHUBid:VHN-183466
db:VULMONid:CVE-2020-5341
db:JVNDBid:JVNDB-2021-012451
db:CNNVDid:CNNVD-202003-049
db:NVDid:CVE-2020-5341

LAST UPDATE DATE

2024-08-14T15:17:09.958000+00:00


SOURCES UPDATE DATE

db:VULHUBid:VHN-183466date:2021-08-05T00:00:00
db:VULMONid:CVE-2020-5341date:2021-08-05T00:00:00
db:JVNDBid:JVNDB-2021-012451date:2022-08-31T07:36:00
db:CNNVDid:CNNVD-202003-049date:2021-08-06T00:00:00
db:NVDid:CVE-2020-5341date:2021-08-05T19:13:10.353

SOURCES RELEASE DATE

db:VULHUBid:VHN-183466date:2021-07-28T00:00:00
db:VULMONid:CVE-2020-5341date:2021-07-28T00:00:00
db:JVNDBid:JVNDB-2021-012451date:2022-08-31T00:00:00
db:CNNVDid:CNNVD-202003-049date:2020-03-03T00:00:00
db:NVDid:CVE-2020-5341date:2021-07-28T00:15:07.637