DSA-2020-284 Dell EMC PowerStore Family Multiple Security Vulnerabilities
Résumé: Dell EMC PowerStore Family contains remediation for multiple security vulnerabilities that may be exploited by malicious users to compromise the affected system.
Cet article concerne
Cet article ne concerne pas
Cet article n’est associé à aucun produit spécifique.
Toutes les versions du produit ne sont pas identifiées dans cet article.
Impact
High
Détails
| Proprietary Code CVE(s) | Description | CVSS Base Score | CVSS Vector String |
| CVE-2020-29499 |
Dell EMC PowerStore versions prior to 1.0.3.0.5.007 contain an OS Command Injection vulnerability in PowerStore X environment. A locally authenticated attacker could potentially exploit this vulnerability, leading to the execution of arbitrary OS command on the PowerStore underlying OS. Exploiting may lead to a system take over by an attacker. | 6.4 | CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:U/C:H/I:H/A:H |
| CVE-2020-29500 | Dell EMC PowerStore versions prior to 1.0.3.0.5.007 contain a Plain-Text Password Storage Vulnerability in PowerStore T environments. A locally authenticated attacker could potentially exploit this vulnerability, leading to the disclosure of certain user credentials. The attacker may be able to use the exposed credentials to access the vulnerable application with privileges of the compromised account. | 7.5 | CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:C/C:H/I:H/A:H |
| CVE-2020-29501 | Dell EMC PowerStore versions prior to 1.0.3.0.5.007 contain a Plain-Text Password Storage Vulnerability in PowerStore X & T environments. A locally authenticated attacker could potentially exploit this vulnerability, leading to the disclosure of certain user credentials. The attacker may be able to use the exposed credentials to access the vulnerable application with privileges of the compromised account. | 6.4 | CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:U/C:H/I:H/A:H |
| CVE-2020-29502 | Dell EMC PowerStore versions prior to 1.0.3.0.5.007 contain a Plain-Text Password Storage Vulnerability in PowerStore X & T environments. A locally authenticated attacker could potentially exploit this vulnerability, leading to the disclosure of certain user credentials. The attacker may be able to use the exposed credentials to access the vulnerable application with privileges of the compromised account. | 7.5 | CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:C/C:H/I:H/A:H |
| CVE-2020-29503 | Dell EMC PowerStore versions prior to 1.0.3.0.5.007 contain a file permission Vulnerability. A locally authenticated attacker could potentially exploit this vulnerability, leading to the information disclosure of certain system directory. | 4.1 | CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:U/C:H/I:N/A:N |
| Proprietary Code CVE(s) | Description | CVSS Base Score | CVSS Vector String |
| CVE-2020-29499 |
Dell EMC PowerStore versions prior to 1.0.3.0.5.007 contain an OS Command Injection vulnerability in PowerStore X environment. A locally authenticated attacker could potentially exploit this vulnerability, leading to the execution of arbitrary OS command on the PowerStore underlying OS. Exploiting may lead to a system take over by an attacker. | 6.4 | CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:U/C:H/I:H/A:H |
| CVE-2020-29500 | Dell EMC PowerStore versions prior to 1.0.3.0.5.007 contain a Plain-Text Password Storage Vulnerability in PowerStore T environments. A locally authenticated attacker could potentially exploit this vulnerability, leading to the disclosure of certain user credentials. The attacker may be able to use the exposed credentials to access the vulnerable application with privileges of the compromised account. | 7.5 | CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:C/C:H/I:H/A:H |
| CVE-2020-29501 | Dell EMC PowerStore versions prior to 1.0.3.0.5.007 contain a Plain-Text Password Storage Vulnerability in PowerStore X & T environments. A locally authenticated attacker could potentially exploit this vulnerability, leading to the disclosure of certain user credentials. The attacker may be able to use the exposed credentials to access the vulnerable application with privileges of the compromised account. | 6.4 | CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:U/C:H/I:H/A:H |
| CVE-2020-29502 | Dell EMC PowerStore versions prior to 1.0.3.0.5.007 contain a Plain-Text Password Storage Vulnerability in PowerStore X & T environments. A locally authenticated attacker could potentially exploit this vulnerability, leading to the disclosure of certain user credentials. The attacker may be able to use the exposed credentials to access the vulnerable application with privileges of the compromised account. | 7.5 | CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:C/C:H/I:H/A:H |
| CVE-2020-29503 | Dell EMC PowerStore versions prior to 1.0.3.0.5.007 contain a file permission Vulnerability. A locally authenticated attacker could potentially exploit this vulnerability, leading to the information disclosure of certain system directory. | 4.1 | CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:U/C:H/I:N/A:N |
Produits concernés et mesure corrective
| Product | Affected Version(s) | Updated Version(s) | Link to Update |
| Dell EMC PowerStore | Versions prior to 1.0.3.0.5.007 | 1.0.3.0.5.007 | https://www.dell.com/support/software/us/en/4#/registration |
| Product | Affected Version(s) | Updated Version(s) | Link to Update |
| Dell EMC PowerStore | Versions prior to 1.0.3.0.5.007 | 1.0.3.0.5.007 | https://www.dell.com/support/software/us/en/4#/registration |
Solutions de contournement et mesures d’atténuation
None
Historique des révisions
| Revision | Date | Description |
| 1.0 | 2020-12-15 | Initial Release |
Informations connexes
Mention légale
Produits concernés
PowerStore, PowerStore 1000T, PowerStore 3000T, PowerStore 5000T, PowerStore 7000X, PowerStore 7000T, PowerStore 9000X, PowerStore 9000TPropriétés de l’article
Numéro d’article: 000180775
Type d’article: Dell Security Advisory
Dernière modification: 14 déc. 2020
Trouvez des réponses à vos questions auprès d’autres utilisateurs Dell
Services de support
Vérifiez si votre appareil est couvert par les services de support.