Lucene search

[email protected]NVD:CVE-2020-5330

HistoryApr 10, 2020 - 7:15 p.m.

CVE-2020-5330

2020-04-1019:15:13

CWE-200

[email protected]

web.nvd.nist.gov

CVSS2

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

NONE

Availability Impact

NONE

AV:N/AC:L/Au:N/C:P/I:N/A:N

CVSS3

7.5

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

NONE

Availability Impact

NONE

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

AI Score

7.8

Confidence

High

EPSS

0.01

Percentile

83.3%

JSON

Dell EMC Networking X-Series firmware versions 3.0.1.2 and older, Dell EMC Networking PC5500 firmware versions 4.1.0.22 and older and Dell EMC PowerEdge VRTX Switch Modules firmware versions 2.0.0.77 and older contain an information disclosure vulnerability. A remote unauthenticated attacker could exploit this vulnerability to retrieve sensitive data by sending a specially crafted request to the affected endpoints.

Affected configurations

Nvd

Node

dellr1-2210_firmwareRange≤3.0.1.2

AND

dellr1-2210Match-

Node

dellr1-2401_firmwareRange≤3.0.1.2

AND

dellr1-2401Match-

Node

dellpc5500_firmwareRange≤4.1.0.22

AND

dellpc5500Match-

Node

dellx1000_firmwareRange≤2.0.0.77

AND

dellx1000Match-

Node

dellx4012_firmwareRange≤2.0.0.77

AND

dellx4012Match-

VendorProductVersionCPE
dellr1-2210_firmware*cpe:2.3:o:dell:r1-2210_firmware:*:*:*:*:*:*:*:*
dellr1-2210-cpe:2.3:h:dell:r1-2210:-:*:*:*:*:*:*:*
dellr1-2401_firmware*cpe:2.3:o:dell:r1-2401_firmware:*:*:*:*:*:*:*:*
dellr1-2401-cpe:2.3:h:dell:r1-2401:-:*:*:*:*:*:*:*
dellpc5500_firmware*cpe:2.3:o:dell:pc5500_firmware:*:*:*:*:*:*:*:*
dellpc5500-cpe:2.3:h:dell:pc5500:-:*:*:*:*:*:*:*
dellx1000_firmware*cpe:2.3:o:dell:x1000_firmware:*:*:*:*:*:*:*:*
dellx1000-cpe:2.3:h:dell:x1000:-:*:*:*:*:*:*:*
dellx4012_firmware*cpe:2.3:o:dell:x4012_firmware:*:*:*:*:*:*:*:*
dellx4012-cpe:2.3:h:dell:x4012:-:*:*:*:*:*:*:*

Vendor	Product	Version	CPE
dell	r1-2210_firmware	*	cpe:2.3:o:dell:r1-2210_firmware::::::::
dell	r1-2210	-	cpe:2.3:h:dell:r1-2210:-:::::::*
dell	r1-2401_firmware	*	cpe:2.3:o:dell:r1-2401_firmware::::::::
dell	r1-2401	-	cpe:2.3:h:dell:r1-2401:-:::::::*
dell	pc5500_firmware	*	cpe:2.3:o:dell:pc5500_firmware::::::::
dell	pc5500	-	cpe:2.3:h:dell:pc5500:-:::::::*
dell	x1000_firmware	*	cpe:2.3:o:dell:x1000_firmware::::::::
dell	x1000	-	cpe:2.3:h:dell:x1000:-:::::::*
dell	x4012_firmware	*	cpe:2.3:o:dell:x4012_firmware::::::::
dell	x4012	-	cpe:2.3:h:dell:x4012:-:::::::*

References

packetstormsecurity.com/files/171723/Cisco-Dell-Netgear-Information-Disclosure-Hash-Decrypter.html

www.dell.com/support/article/en-us/sln320366/dsa-2020-042-dell-emc-networking-security-update-for-an-information-disclosure-vulnerability?lang=en

CVSS2

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

NONE

Availability Impact

NONE

AV:N/AC:L/Au:N/C:P/I:N/A:N

CVSS3

7.5

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

NONE

Availability Impact

NONE

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

AI Score

7.8

Confidence

High

EPSS

0.01

Percentile

83.3%

JSON

Related for NVD:CVE-2020-5330

prion1 cve1 cvelist1 exploitdb1 packetstorm1 zdt1