CVE-2020-29489

Published: Jan 5, 2021Modified: Nov 21, 2024

6.7

Vector

CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H

Exploitability: 0.8 / Impact: 5.9

Source: NVD

Description

Dell EMC Unity, Unity XT, and UnityVSA versions prior to 5.0.4.0.5.012 contains a plain-text password storage vulnerability. A user credentials (including the Unisphere admin privilege user) password is stored in a plain text in a system file. A local authenticated attacker with access to the system files may use the exposed password to gain access with the privileges of the compromised user.

Affected (3)

Products: Dell: Emc Unity Operating Environment, Emc Unity Vsa Operating Environment, Emc Unity Xt Operating Environment

Dell

3 products

Emc Unity Operating Environment

Emc Unity Vsa Operating Environment

Emc Unity Xt Operating Environment

Configuration A

3 vulnerable

Vulnerable Software	Affected Versions
Dell Emc Unity Operating Environment	Before 5.0.4.0.5.012
Dell Emc Unity Vsa Operating Environment	Before 5.0.4.0.5.012
Dell Emc Unity Xt Operating Environment	Before 5.0.4.0.5.012

Related CWEs

CWE-276

Incorrect Default Permissions

During installation, installed file permissions are set to allow anyone to modify those files.

CWE-312

Cleartext Storage of Sensitive Information

The product stores sensitive information in cleartext within a resource that might be accessible to another control sphere.

References (2)

https://www.dell.com/support/kbdoc/000181248

Source: security_alert@emc.com

Vendor Advisory

https://www.dell.com/support/kbdoc/000181248

Source: af854a3a-2127-422b-91ae-364da2661108

Vendor Advisory

Timeline

No history available yet.