CVE-2020-5368

Published: Jul 6, 2020Modified: Nov 21, 2024

7.5

Vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

Exploitability: 3.9 / Impact: 3.6

Source: NVD

Description

Dell EMC VxRail versions 4.7.410 and 4.7.411 contain an improper authentication vulnerability. A remote unauthenticated attacker may exploit this vulnerability to obtain sensitive information in an encrypted form.

Affected (6)

Products: Dell: Vxrail D560f Firmware, Vxrail D560 Firmware

Dell

2 products

Vxrail D560f Firmware

Vxrail D560 Firmware

Configuration A

3 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Dell Vxrail D560f Firmware	Version 4.7.410
Dell Vxrail D560f Firmware	Version 4.7.411
Dell Vxrail D560f Firmware	Version 4.7.510

Running on/with	Platform Versions
Dell Vxrail D560f	All versions

Configuration B

3 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Dell Vxrail D560 Firmware	Version 4.7.410
Dell Vxrail D560 Firmware	Version 4.7.411
Dell Vxrail D560 Firmware	Version 4.7.510

Running on/with	Platform Versions
Dell Vxrail D560	All versions

Related CWEs

CWE-862

Missing Authorization

The product does not perform an authorization check when an actor attempts to access a resource or perform an action.

References (2)

https://www.dell.com/support/security/en-us/details/544058/DSA-2020-136-Dell-EMC-VxRail-Appliance-Improper-Authentication-Vulnerability

Source: security_alert@emc.com

Vendor Advisory

https://www.dell.com/support/security/en-us/details/544058/DSA-2020-136-Dell-EMC-VxRail-Appliance-Improper-Authentication-Vulnerability

Source: af854a3a-2127-422b-91ae-364da2661108

Vendor Advisory

Timeline

No history available yet.