Impact
High
Details
Details:
- Improper Authentication (CVE-2020-5373)
Dell EMC OpenManage Integration for Microsoft System Center (OMIMSSC) for SCCM and SCVMM versions prior to 7.2.1 contain an improper authentication vulnerability. A remote unauthenticated attacker may potentially exploit this vulnerability to retrieve the system inventory data of the managed device.
CVSSv3 Base Score 6.5 (AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N)
- Use of Hard-coded Cryptographic Key (CVE-2020-5374)
Dell EMC OpenManage Integration for Microsoft System Center (OMIMSSC) for SCCM and SCVMM versions prior to 7.2.1 contain a hard-coded cryptographic key vulnerability. A remote unauthenticated attacker may exploit this vulnerability to gain access to the appliance data for remotely managed devices.
CVSSv3 Base Score 8.8 (AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:L/A:L)
Details:
- Improper Authentication (CVE-2020-5373)
Dell EMC OpenManage Integration for Microsoft System Center (OMIMSSC) for SCCM and SCVMM versions prior to 7.2.1 contain an improper authentication vulnerability. A remote unauthenticated attacker may potentially exploit this vulnerability to retrieve the system inventory data of the managed device.
CVSSv3 Base Score 6.5 (AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N)
- Use of Hard-coded Cryptographic Key (CVE-2020-5374)
Dell EMC OpenManage Integration for Microsoft System Center (OMIMSSC) for SCCM and SCVMM versions prior to 7.2.1 contain a hard-coded cryptographic key vulnerability. A remote unauthenticated attacker may exploit this vulnerability to gain access to the appliance data for remotely managed devices.
CVSSv3 Base Score 8.8 (AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:L/A:L)
Dell Technologies recommends all customers consider both the CVSS base score and any relevant temporal and environmental scores that may impact the potential severity associated with a particular security vulnerability.
Affected Products and Remediation
Affected products:
- Dell EMC OpenManage Integration for Microsoft System Center (OMIMSSC) for System Center Configuration Manager (SCCM) and System Center Virtual Machine Manager (SCVMM) versions prior to 7.2.1.
Remediation:
The following Dell EMC OpenManage Integration for Microsoft System Center (OMIMSSC) for SCCM and SCVMM release contain resolutions to these vulnerabilities:
- Dell EMC OpenManage Integration for Microsoft System Center Version for System Center Configuration Manager and System Center Virtual Machine Manager v7.2.1.
Dell EMC recommends all customers upgrade at the earliest opportunity.
Affected products:
- Dell EMC OpenManage Integration for Microsoft System Center (OMIMSSC) for System Center Configuration Manager (SCCM) and System Center Virtual Machine Manager (SCVMM) versions prior to 7.2.1.
Remediation:
The following Dell EMC OpenManage Integration for Microsoft System Center (OMIMSSC) for SCCM and SCVMM release contain resolutions to these vulnerabilities:
- Dell EMC OpenManage Integration for Microsoft System Center Version for System Center Configuration Manager and System Center Virtual Machine Manager v7.2.1.
Dell EMC recommends all customers upgrade at the earliest opportunity.
Related Information
Dell Security Advisories and Notices
Dell Vulnerability Response Policy
CVSS Scoring Guide