Lucene search

DellCVELIST:CVE-2020-29489

HistoryJan 05, 2021 - 9:40 p.m.

CVE-2020-29489

2021-01-0521:40:23

CWE-276

dell

www.cve.org

dell emc unity

unity xt

unityvsa

plain-text password storage

vulnerability

system file

local authenticated attacker

compromised user

CVSS3

6.4

Attack Vector

LOCAL

Attack Complexity

HIGH

Privileges Required

HIGH

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:U/C:H/I:H/A:H

AI Score

6.7

Confidence

High

EPSS

Percentile

5.1%

JSON

Dell EMC Unity, Unity XT, and UnityVSA versions prior to 5.0.4.0.5.012 contains a plain-text password storage vulnerability. A user credentials (including the Unisphere admin privilege user) password is stored in a plain text in a system file. A local authenticated attacker with access to the system files may use the exposed password to gain access with the privileges of the compromised user.

CNA Affected

[
  {
    "product": "Unity",
    "vendor": "Dell",
    "versions": [
      {
        "lessThan": "5.0.4.0.5.012",
        "status": "affected",
        "version": "unspecified",
        "versionType": "custom"
      }
    ]
  }
]

References

www.dell.com/support/kbdoc/000181248

CVSS3

6.4

Attack Vector

LOCAL

Attack Complexity

HIGH

Privileges Required

HIGH

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:U/C:H/I:H/A:H

AI Score

6.7

Confidence

High

EPSS

Percentile

5.1%

JSON

Related for CVELIST:CVE-2020-29489