CVE-2020-5345 - Dell EMC Unisphere for PowerMax versions prior to 9.1.0.17, Dell EMC Unisphere for PowerMax Virtual

CVE-2020-5345

Summary

Dell EMC Unisphere for PowerMax versions prior to 9.1.0.17, Dell EMC Unisphere for PowerMax Virtual Appliance versions prior to 9.1.0.17, and PowerMax OS Release 5978 contain an authorization bypass vulnerability. An authenticated malicious user may potentially execute commands to alter or stop database statistics.

References

https://www.dell.com/support/security/en-us/details/544585/DSA-2020-065-Dell-EMC-Unisphere-for-PowerMax-Dell-EMC-Unisphere-for-PowerMax-Virtual-Appliance

Vulnerable Configurations

cpe:2.3:a:dell:emc_unisphere_for_powermax:-:*:*:*:*:*:*:*
cpe:2.3:a:dell:emc_unisphere_for_powermax:-:*:*:*:*:*:*:*
cpe:2.3:a:dell:emc_unisphere_for_powermax:9.0.2.16:*:*:*:*:*:*:*
cpe:2.3:a:dell:emc_unisphere_for_powermax:9.0.2.16:*:*:*:*:*:*:*
cpe:2.3:a:dell:emc_unisphere_for_powermax:9.1.0.9:*:*:*:*:*:*:*
cpe:2.3:a:dell:emc_unisphere_for_powermax:9.1.0.9:*:*:*:*:*:*:*
cpe:2.3:a:dell:emc_unisphere_for_powermax_virtual_appliance:-:*:*:*:*:*:*:*
cpe:2.3:a:dell:emc_unisphere_for_powermax_virtual_appliance:-:*:*:*:*:*:*:*
cpe:2.3:o:dell:powermax_os:5978:*:*:*:*:*:*:*
cpe:2.3:o:dell:powermax_os:5978:*:*:*:*:*:*:*

CVSS

Base:	5.5 (as of 02-07-2020 - 15:37)
Impact:
Exploitability:

CWE

CWE-862

CAPEC

Access

Vector	Complexity	Authentication
NETWORK	LOW	SINGLE

Impact

Confidentiality	Integrity	Availability
NONE	PARTIAL	PARTIAL

cvss-vector via4

AV:N/AC:L/Au:S/C:N/I:P/A:P

refmap via4

misc

https://www.dell.com/support/security/en-us/details/544585/DSA-2020-065-Dell-EMC-Unisphere-for-PowerMax-Dell-EMC-Unisphere-for-PowerMax-Virtual-Appliance

Last major update

02-07-2020 - 15:37

Published

23-06-2020 - 20:15

Last modified

02-07-2020 - 15:37