ID CVE-2020-5372
Summary Dell EMC PowerStore versions prior to 1.0.1.0.5.002 contain a vulnerability that exposes test interface ports to external network. A remote unauthenticated attacker could potentially cause Denial of Service via test interface ports which are not used during run time environment.
References
Vulnerable Configurations
  • cpe:2.3:o:dell:emc_powerstore_1000_firmware:*:*:*:*:*:*:*:*
    cpe:2.3:o:dell:emc_powerstore_1000_firmware:*:*:*:*:*:*:*:*
  • cpe:2.3:h:dell:emc_powerstore_1000:-:*:*:*:*:*:*:*
    cpe:2.3:h:dell:emc_powerstore_1000:-:*:*:*:*:*:*:*
  • cpe:2.3:o:dell:emc_powerstore_3000_firmware:*:*:*:*:*:*:*:*
    cpe:2.3:o:dell:emc_powerstore_3000_firmware:*:*:*:*:*:*:*:*
  • cpe:2.3:h:dell:emc_powerstore_3000:-:*:*:*:*:*:*:*
    cpe:2.3:h:dell:emc_powerstore_3000:-:*:*:*:*:*:*:*
  • cpe:2.3:o:dell:emc_powerstore_5000_firmware:*:*:*:*:*:*:*:*
    cpe:2.3:o:dell:emc_powerstore_5000_firmware:*:*:*:*:*:*:*:*
  • cpe:2.3:h:dell:emc_powerstore_5000:-:*:*:*:*:*:*:*
    cpe:2.3:h:dell:emc_powerstore_5000:-:*:*:*:*:*:*:*
  • cpe:2.3:o:dell:emc_powerstore_7000_firmware:*:*:*:*:*:*:*:*
    cpe:2.3:o:dell:emc_powerstore_7000_firmware:*:*:*:*:*:*:*:*
  • cpe:2.3:h:dell:emc_powerstore_7000:-:*:*:*:*:*:*:*
    cpe:2.3:h:dell:emc_powerstore_7000:-:*:*:*:*:*:*:*
  • cpe:2.3:o:dell:emc_powerstore_9000_firmware:*:*:*:*:*:*:*:*
    cpe:2.3:o:dell:emc_powerstore_9000_firmware:*:*:*:*:*:*:*:*
  • cpe:2.3:h:dell:emc_powerstore_9000:-:*:*:*:*:*:*:*
    cpe:2.3:h:dell:emc_powerstore_9000:-:*:*:*:*:*:*:*
CVSS
Base: 5.0 (as of 13-07-2020 - 14:16)
Impact:
Exploitability:
CWE CWE-863
CAPEC
Access
VectorComplexityAuthentication
NETWORK LOW NONE
Impact
ConfidentialityIntegrityAvailability
NONE NONE PARTIAL
cvss-vector via4 AV:N/AC:L/Au:N/C:N/I:N/A:P
refmap via4
misc https://www.dell.com/support/security/en-us/details/544738/DSA-2020-159-Dell-EMC-PowerStore-Family-Improper-Authorization-Vulnerability
Last major update 13-07-2020 - 14:16
Published 06-07-2020 - 18:15
Last modified 13-07-2020 - 14:16
Back to Top