Lucene search

DellCVELIST:CVE-2020-5370

HistoryJul 22, 2021 - 5:00 p.m.

CVE-2020-5370

2021-07-2217:00:14

CWE-22

dell

www.cve.org

dell emc openmanage enterprise

arbitrary file overwrite

remote authenticated user

directory traversal

denial of service

unauthorized actions

CVSS3

7.9

Attack Vector

NETWORK

Attack Complexity

HIGH

Privileges Required

HIGH

User Interaction

NONE

Scope

CHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

LOW

CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:C/C:H/I:H/A:L

AI Score

7.5

Confidence

High

EPSS

0.002

Percentile

59.3%

JSON

Dell EMC OpenManage Enterprise (OME) versions prior to 3.4 contain an arbitrary file overwrite vulnerability. A remote authenticated malicious user with high privileges could potentially exploit this vulnerability to overwrite arbitrary files via directory traversal sequences using a crafted tar file to inject malicious RPMs which may cause a denial of service or perform unauthorized actions.

CNA Affected

[
  {
    "product": "OpenManage Enterprise",
    "vendor": "Dell",
    "versions": [
      {
        "lessThan": "3.4",
        "status": "affected",
        "version": "unspecified",
        "versionType": "custom"
      }
    ]
  }
]

References

www.dell.com/support/kbdoc/en-us/000130360/dsa-2020-153-dell-emc-openmanage-enterprise-tar-file-extraction-vulnerability

CVSS3

7.9

Attack Vector

NETWORK

Attack Complexity

HIGH

Privileges Required

HIGH

User Interaction

NONE

Scope

CHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

LOW

CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:C/C:H/I:H/A:L

AI Score

7.5

Confidence

High

EPSS

0.002

Percentile

59.3%

JSON

Related for CVELIST:CVE-2020-5370