Lucene search

DellCVE-2020-5319

HistoryFeb 06, 2020 - 6:15 p.m.

CVE-2020-5319

2020-02-0618:15:13

CWE-129

dell

web.nvd.nist.gov

cve-2020-5319

dell

emc

unity

unity xt

unityvsa

denial of service

vulnerability

ssh

sftp

nas server

remote attacker

unauthenticated

storage processor panic

CVSS2

7.8

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

COMPLETE

AV:N/AC:L/Au:N/C:N/I:N/A:C

CVSS3

7.5

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

EPSS

0.002

Percentile

58.8%

JSON

Dell EMC Unity, Dell EMC Unity XT, and Dell EMC UnityVSA versions prior to 5.0.2.0.5.009 contain a Denial of Service vulnerability on NAS Server SSH implementation that is used to provide SFTP service on a NAS server. A remote unauthenticated attacker may potentially exploit this vulnerability and cause a Denial of Service (Storage Processor Panic) by sending an out of order SSH protocol sequence.

Affected configurations

Nvd

Vulners

Node

dellemc_unity_operating_environmentRange<5.0.2.0.5.009

dellemc_unity_xt_operating_environmentRange<5.0.2.0.5.009

dellemc_unityvsa_operating_environmentRange<5.0.2.0.5.009

VendorProductVersionCPE
dellemc_unity_operating_environment*cpe:2.3:a:dell:emc_unity_operating_environment:*:*:*:*:*:*:*:*
dellemc_unity_xt_operating_environment*cpe:2.3:a:dell:emc_unity_xt_operating_environment:*:*:*:*:*:*:*:*
dellemc_unityvsa_operating_environment*cpe:2.3:a:dell:emc_unityvsa_operating_environment:*:*:*:*:*:*:*:*

Vendor	Product	Version	CPE
dell	emc_unity_operating_environment	*	cpe:2.3:a:dell:emc_unity_operating_environment::::::::
dell	emc_unity_xt_operating_environment	*	cpe:2.3:a:dell:emc_unity_xt_operating_environment::::::::
dell	emc_unityvsa_operating_environment	*	cpe:2.3:a:dell:emc_unityvsa_operating_environment::::::::

CNA Affected

[
  {
    "product": "Unity",
    "vendor": "Dell",
    "versions": [
      {
        "lessThan": "5.0.2.0.5.009",
        "status": "affected",
        "version": "unspecified",
        "versionType": "custom"
      }
    ]
  }
]

References

www.dell.com/support/security/en-us/details/540336/DSA-2020-019-Dell-EMC-Unity-Family-Dell-EMC-Unity-XT-Family-Denial-of-Service-Vulnerability

CVSS2

7.8

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

COMPLETE

AV:N/AC:L/Au:N/C:N/I:N/A:C

CVSS3

7.5

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

EPSS

0.002

Percentile

58.8%

JSON

Related for CVE-2020-5319