DSA-2020-284 Dell EMC PowerStore Family Multiple Security Vulnerabilities
Summary: Dell EMC PowerStore Family contains remediation for multiple security vulnerabilities that may be exploited by malicious users to compromise the affected system.
Acest articol se aplică pentru
Acest articol nu se aplică pentru
Acest articol nu este legat de un produs specific.
Acest articol nu acoperă toate versiunile de produs existente.
Impact
High
Details
| Proprietary Code CVE(s) | Description | CVSS Base Score | CVSS Vector String |
| CVE-2020-29499 |
Dell EMC PowerStore versions prior to 1.0.3.0.5.007 contain an OS Command Injection vulnerability in PowerStore X environment. A locally authenticated attacker could potentially exploit this vulnerability, leading to the execution of arbitrary OS command on the PowerStore underlying OS. Exploiting may lead to a system take over by an attacker. | 6.4 | CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:U/C:H/I:H/A:H |
| CVE-2020-29500 | Dell EMC PowerStore versions prior to 1.0.3.0.5.007 contain a Plain-Text Password Storage Vulnerability in PowerStore T environments. A locally authenticated attacker could potentially exploit this vulnerability, leading to the disclosure of certain user credentials. The attacker may be able to use the exposed credentials to access the vulnerable application with privileges of the compromised account. | 7.5 | CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:C/C:H/I:H/A:H |
| CVE-2020-29501 | Dell EMC PowerStore versions prior to 1.0.3.0.5.007 contain a Plain-Text Password Storage Vulnerability in PowerStore X & T environments. A locally authenticated attacker could potentially exploit this vulnerability, leading to the disclosure of certain user credentials. The attacker may be able to use the exposed credentials to access the vulnerable application with privileges of the compromised account. | 6.4 | CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:U/C:H/I:H/A:H |
| CVE-2020-29502 | Dell EMC PowerStore versions prior to 1.0.3.0.5.007 contain a Plain-Text Password Storage Vulnerability in PowerStore X & T environments. A locally authenticated attacker could potentially exploit this vulnerability, leading to the disclosure of certain user credentials. The attacker may be able to use the exposed credentials to access the vulnerable application with privileges of the compromised account. | 7.5 | CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:C/C:H/I:H/A:H |
| CVE-2020-29503 | Dell EMC PowerStore versions prior to 1.0.3.0.5.007 contain a file permission Vulnerability. A locally authenticated attacker could potentially exploit this vulnerability, leading to the information disclosure of certain system directory. | 4.1 | CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:U/C:H/I:N/A:N |
| Proprietary Code CVE(s) | Description | CVSS Base Score | CVSS Vector String |
| CVE-2020-29499 |
Dell EMC PowerStore versions prior to 1.0.3.0.5.007 contain an OS Command Injection vulnerability in PowerStore X environment. A locally authenticated attacker could potentially exploit this vulnerability, leading to the execution of arbitrary OS command on the PowerStore underlying OS. Exploiting may lead to a system take over by an attacker. | 6.4 | CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:U/C:H/I:H/A:H |
| CVE-2020-29500 | Dell EMC PowerStore versions prior to 1.0.3.0.5.007 contain a Plain-Text Password Storage Vulnerability in PowerStore T environments. A locally authenticated attacker could potentially exploit this vulnerability, leading to the disclosure of certain user credentials. The attacker may be able to use the exposed credentials to access the vulnerable application with privileges of the compromised account. | 7.5 | CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:C/C:H/I:H/A:H |
| CVE-2020-29501 | Dell EMC PowerStore versions prior to 1.0.3.0.5.007 contain a Plain-Text Password Storage Vulnerability in PowerStore X & T environments. A locally authenticated attacker could potentially exploit this vulnerability, leading to the disclosure of certain user credentials. The attacker may be able to use the exposed credentials to access the vulnerable application with privileges of the compromised account. | 6.4 | CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:U/C:H/I:H/A:H |
| CVE-2020-29502 | Dell EMC PowerStore versions prior to 1.0.3.0.5.007 contain a Plain-Text Password Storage Vulnerability in PowerStore X & T environments. A locally authenticated attacker could potentially exploit this vulnerability, leading to the disclosure of certain user credentials. The attacker may be able to use the exposed credentials to access the vulnerable application with privileges of the compromised account. | 7.5 | CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:C/C:H/I:H/A:H |
| CVE-2020-29503 | Dell EMC PowerStore versions prior to 1.0.3.0.5.007 contain a file permission Vulnerability. A locally authenticated attacker could potentially exploit this vulnerability, leading to the information disclosure of certain system directory. | 4.1 | CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:U/C:H/I:N/A:N |
Produse afectate și măsuri de remediere
| Product | Affected Version(s) | Updated Version(s) | Link to Update |
| Dell EMC PowerStore | Versions prior to 1.0.3.0.5.007 | 1.0.3.0.5.007 | https://www.dell.com/support/software/us/en/4#/registration |
| Product | Affected Version(s) | Updated Version(s) | Link to Update |
| Dell EMC PowerStore | Versions prior to 1.0.3.0.5.007 | 1.0.3.0.5.007 | https://www.dell.com/support/software/us/en/4#/registration |
Soluții alternative și strategii de atenuare
None
Revision History
| Revision | Date | Description |
| 1.0 | 2020-12-15 | Initial Release |
Related Information
Exonerare de răspundere
Produse afectate
PowerStore, PowerStore 1000T, PowerStore 3000T, PowerStore 5000T, PowerStore 7000X, PowerStore 7000T, PowerStore 9000X, PowerStore 9000TProprietăți articol
Article Number: 000180775
Article Type: Dell Security Advisory
Ultima modificare: 14 dec. 2020
Găsiți răspunsuri la întrebările dvs. de la alți utilizatori Dell
Servicii de asistență
Verificați dacă dispozitivul dvs. este acoperit de serviciile de asistență.