CVE Published: 15/04/2020
CVE Updated: 16/09/2024
CVE Year: 2020
Source: dell
Vendor: Dell
Product: Integrated Data Protection Appliance
Status: PUBLISHED
CVE-2020-5350 Description
Dell EMC Integrated Data Protection Appliance versions 2.0, 2.1, 2.2, 2.3, 2.4 contain a command injection vulnerability in the ACM component. A remote authenticated malicious user with root privileges could inject parameters in the ACM component APIs that could lead to manipulation of passwords and execution of malicious commands on the ACM component.
Metrics
CVSS Version: 3.1
Base Score: 7.9 HIGH
Vector: CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:C/C:H/I:L/A:H
Exploitability Metrics: Attack Vector (AV): NETWORK; Attack Complexity (AC): HIGH; Privileges Required (PR): HIGH; User Interaction (UI): NONE; Scope (S): CHANGED
Impact Metrics: Confidentiality Impact (C): HIGH; Integrity Impact (I): LOW; Availability Impact (A): HIGH
Weakness Enumeration (CWE)
CWE-ID: CWE-78
CWE Name: CWE-78: Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')
Source: Dell
Common Attack Pattern Enumeration and Classification (CAPEC)