Vulnerability Monitor

The vendors, products, and vulnerabilities you care about

CVE-2020-5350


Dell EMC Integrated Data Protection Appliance versions 2.0, 2.1, 2.2, 2.3, 2.4 contain a command injection vulnerability in the ACM component. A remote authenticated malicious user with root privileges could inject parameters in the ACM component APIs that could lead to manipulation of passwords and execution of malicious commands on ACM component.


Published

2020-04-15T18:15:15.693

Last Modified

2024-11-21T05:33:57.823

Status

Modified

Source

[email protected]

Severity

CVSSv3.1: 7.9 (HIGH)

CVSSv2 Vector

AV:N/AC:L/Au:S/C:C/I:C/A:C

  • Access Vector: NETWORK
  • Access Complexity: LOW
  • Authentication: SINGLE
  • Confidentiality Impact: COMPLETE
  • Integrity Impact: COMPLETE
  • Availability Impact: COMPLETE
Exploitability Score

8.0

Impact Score

10.0

Weaknesses
  • Type: Secondary
    CWE-78
  • Type: Primary
    CWE-78

Affected Vendors & Products
Type Vendor Product Version/Range Vulnerable?
Application dell emc_integrated_data_protection_appliance 2.0 Yes
Application dell emc_integrated_data_protection_appliance 2.1 Yes
Application dell emc_integrated_data_protection_appliance 2.2 Yes
Application dell emc_integrated_data_protection_appliance 2.3 Yes
Application dell emc_integrated_data_protection_appliance 2.4 Yes

References