PT-2020-06: Local file reading in iDRAC

2020-03-12 00:00:00
Positive Technologies
www.ptsecurity.com

CVSS2: 4 Medium
Attack Vector: NETWORK
Attack Complexity: LOW
Authentication: SINGLE
Confidentiality Impact: PARTIAL
Integrity Impact: NONE
Availability Impact: NONE
Vector: AV:N/AC:L/Au:S/C:P/I:N/A:N

CVSS3: 7.1 High
Attack Vector: NETWORK
Attack Complexity: LOW
Privileges Required: LOW
User Interaction: NONE
Scope: UNCHANGED
Confidentiality Impact: HIGH
Integrity Impact: NONE
Availability Impact: LOW
Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:L

EPSS: 0.002 Low
Percentile: 52.8%

iDRAC (versions before 4.20.20.20)

Severity:

Severity level: High
Impact: Local file reading in iDRAC
Access Vector: Remote

CVSS v3.1: Base 7.1 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:L

CVE: CVE-2020-5366

Vulnerability description:

A vulnerability in iDRAC versions prior to 4.20.20.20 allows low-privileged users to gain unauthorized read access to arbitrary files on the system and potentially obtain administrative privileges.

Advisory status:

March 12, 2020 - Vendor notification date
July 7, 2020 - Security advisory publication date (<https://www.dell.com/support/article/en-us/sln322125/dsa-2020-128-idrac-local-file-inclusion-vulnerability?lang=en>)

Credits:

The vulnerability was discovered by Georgy Kiguradze and Mark Ermolov, Positive Technologies
