CVE-2020-5372

Dell EMC PowerStore versions prior to 1.0.1.0.5.002 contain a vulnerability that exposes test interface ports to external network. A remote unauthenticated attacker could potentially cause Denial of Service via test interface ports which are not used during run time environment.

CVSS v3 7.5 HIGH
CVSS v2.0 5.0 MEDIUM

7.5^/10

CVSS v3 : HIGH

Vector :

Exploitability : 3.9 / Impact : 3.6

Attack Vector NETWORK

Attack Complexity LOW

Privileges Required NONE

User Interaction NONE

Confidentiality Impact NONE

Integrity Impact NONE

Availability Impact HIGH

Scope UNCHANGED

5.0^/10

CVSS v2.0 : MEDIUM

Vector : AV:N/AC:L/Au:N/C:N/I:N/A:P

Exploitability : 10.0 / Impact : 2.9

Access Vector NETWORK

Access Complexity LOW

Authentication NONE

Confidentiality Impact NONE

Integrity Impact NONE

Availability Impact PARTIAL

References

Link	Resource
https://www.dell.com/support/security/en-us/details/544738/DSA-2020-159-Dell-EMC-PowerStore-Family-Improper-Authorization-Vulnerability	Vendor Advisory

Configurations

Configuration 1 (hide)

AND

cpe:2.3:o:dell:emc_powerstore_1000_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:dell:emc_powerstore_1000:-:*:*:*:*:*:*:*

Configuration 2 (hide)

AND

cpe:2.3:o:dell:emc_powerstore_3000_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:dell:emc_powerstore_3000:-:*:*:*:*:*:*:*

Configuration 3 (hide)

AND

cpe:2.3:o:dell:emc_powerstore_5000_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:dell:emc_powerstore_5000:-:*:*:*:*:*:*:*

Configuration 4 (hide)

AND

cpe:2.3:o:dell:emc_powerstore_7000_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:dell:emc_powerstore_7000:-:*:*:*:*:*:*:*

Configuration 5 (hide)

AND

cpe:2.3:o:dell:emc_powerstore_9000_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:dell:emc_powerstore_9000:-:*:*:*:*:*:*:*

History

No history.

Information

Published : 2020-07-06 18:15

Updated : 2024-02-28 17:47

NVD link : CVE-2020-5372

Mitre link : CVE-2020-5372

CVE.ORG link : CVE-2020-5372

JSON object : View

Products Affected

dell

emc_powerstore_9000_firmware
emc_powerstore_9000
emc_powerstore_5000
emc_powerstore_1000
emc_powerstore_1000_firmware
emc_powerstore_7000_firmware
emc_powerstore_3000_firmware
emc_powerstore_7000
emc_powerstore_5000_firmware
emc_powerstore_3000

CWE

CWE-863

Incorrect Authorization

CWE-1244

Internal Asset Exposed to Unsafe Debug Access Level or State

{"id": "CVE-2020-5372", "metrics": {"cvssMetricV2": [{"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"version": "2.0", "baseScore": 5.0, "accessVector": "NETWORK", "vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:P", "authentication": "NONE", "integrityImpact": "NONE", "accessComplexity": "LOW", "availabilityImpact": "PARTIAL", "confidentialityImpact": "NONE"}, "acInsufInfo": false, "impactScore": 2.9, "baseSeverity": "MEDIUM", "obtainAllPrivilege": false, "exploitabilityScore": 10.0, "obtainUserPrivilege": false, "obtainOtherPrivilege": false, "userInteractionRequired": false}], "cvssMetricV31": [{"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 7.5, "attackVector": "NETWORK", "baseSeverity": "HIGH", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "integrityImpact": "NONE", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "HIGH", "privilegesRequired": "NONE", "confidentialityImpact": "NONE"}, "impactScore": 3.6, "exploitabilityScore": 3.9}, {"type": "Secondary", "source": "security_alert@emc.com", "cvssData": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 8.6, "attackVector": "NETWORK", "baseSeverity": "HIGH", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:H", "integrityImpact": "LOW", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "HIGH", "privilegesRequired": "NONE", "confidentialityImpact": "LOW"}, "impactScore": 4.7, "exploitabilityScore": 3.9}]}, "published": "2020-07-06T18:15:21.137", "references": [{"url": "https://www.dell.com/support/security/en-us/details/544738/DSA-2020-159-Dell-EMC-PowerStore-Family-Improper-Authorization-Vulnerability", "tags": ["Vendor Advisory"], "source": "security_alert@emc.com"}], "vulnStatus": "Analyzed", "weaknesses": [{"type": "Primary", "source": "nvd@nist.gov", "description": [{"lang": "en", "value": "CWE-863"}]}, {"type": "Secondary", "source": "security_alert@emc.com", "description": [{"lang": "en", "value": "CWE-1244"}]}], "descriptions": [{"lang": "en", "value": "Dell EMC PowerStore versions prior to 1.0.1.0.5.002 contain a vulnerability that exposes test interface ports to external network. A remote unauthenticated attacker could potentially cause Denial of Service via test interface ports which are not used during run time environment."}, {"lang": "es", "value": "Dell EMC PowerStore versiones anteriores a 1.0.1.0.5.002, contiene una vulnerabilidad que expone los puertos de interfaz de prueba hacia una red externa. Un atacante no autenticado remoto podr\u00eda causar una denegaci\u00f3n de servicio por medio de puertos de interfaz de prueba que no son utilizados durante el entorno del tiempo de ejecuci\u00f3n"}], "lastModified": "2020-07-13T14:16:03.340", "configurations": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:o:dell:emc_powerstore_1000_firmware:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "5B20F55A-7F78-4A24-8DE5-330EF556893F", "versionEndExcluding": "1.0.1.0.5.002"}], "operator": "OR"}, {"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:h:dell:emc_powerstore_1000:-:*:*:*:*:*:*:*", "vulnerable": false, "matchCriteriaId": "E36329F7-56A6-4352-B771-ADE7F2C099F7"}], "operator": "OR"}], "operator": "AND"}, {"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:o:dell:emc_powerstore_3000_firmware:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "6D46A67F-A22C-4BD4-BFF7-F6FB5DAFAFC7", "versionEndExcluding": "1.0.1.0.5.002"}], "operator": "OR"}, {"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:h:dell:emc_powerstore_3000:-:*:*:*:*:*:*:*", "vulnerable": false, "matchCriteriaId": "5E3A633B-8454-4111-8FA3-261030729173"}], "operator": "OR"}], "operator": "AND"}, {"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:o:dell:emc_powerstore_5000_firmware:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "8E63909B-9DB7-470E-946C-FE64103F5C0A", "versionEndExcluding": "1.0.1.0.5.002"}], "operator": "OR"}, {"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:h:dell:emc_powerstore_5000:-:*:*:*:*:*:*:*", "vulnerable": false, "matchCriteriaId": "6ADD064C-E1DB-4E22-911A-49AB57853814"}], "operator": "OR"}], "operator": "AND"}, {"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:o:dell:emc_powerstore_7000_firmware:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "F59DCC71-373E-43B3-8281-6265B8FF5C58", "versionEndExcluding": "1.0.1.0.5.002"}], "operator": "OR"}, {"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:h:dell:emc_powerstore_7000:-:*:*:*:*:*:*:*", "vulnerable": false, "matchCriteriaId": "CFBA2CDC-7E41-4F8D-92D3-6D3163FE7651"}], "operator": "OR"}], "operator": "AND"}, {"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:o:dell:emc_powerstore_9000_firmware:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "F90D8218-F8D9-474B-A602-8141E3EBBB44", "versionEndExcluding": "1.0.1.0.5.002"}], "operator": "OR"}, {"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:h:dell:emc_powerstore_9000:-:*:*:*:*:*:*:*", "vulnerable": false, "matchCriteriaId": "48B48630-8FFB-4E9F-8F67-8448EC6EE79D"}], "operator": "OR"}], "operator": "AND"}], "sourceIdentifier": "security_alert@emc.com"}