DSA-2020-284 Dell EMC PowerStore Family Multiple Security Vulnerabilities
Sammanfattning: Dell EMC PowerStore Family contains remediation for multiple security vulnerabilities that may be exploited by malicious users to compromise the affected system.
Den här artikeln gäller för
Den här artikeln gäller inte för
Den här artikeln är inte kopplad till någon specifik produkt.
Alla produktversioner identifieras inte i den här artikeln.
Påverkan
High
Information
| Proprietary Code CVE(s) | Description | CVSS Base Score | CVSS Vector String |
| CVE-2020-29499 |
Dell EMC PowerStore versions prior to 1.0.3.0.5.007 contain an OS Command Injection vulnerability in PowerStore X environment. A locally authenticated attacker could potentially exploit this vulnerability, leading to the execution of arbitrary OS command on the PowerStore underlying OS. Exploiting may lead to a system take over by an attacker. | 6.4 | CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:U/C:H/I:H/A:H |
| CVE-2020-29500 | Dell EMC PowerStore versions prior to 1.0.3.0.5.007 contain a Plain-Text Password Storage Vulnerability in PowerStore T environments. A locally authenticated attacker could potentially exploit this vulnerability, leading to the disclosure of certain user credentials. The attacker may be able to use the exposed credentials to access the vulnerable application with privileges of the compromised account. | 7.5 | CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:C/C:H/I:H/A:H |
| CVE-2020-29501 | Dell EMC PowerStore versions prior to 1.0.3.0.5.007 contain a Plain-Text Password Storage Vulnerability in PowerStore X & T environments. A locally authenticated attacker could potentially exploit this vulnerability, leading to the disclosure of certain user credentials. The attacker may be able to use the exposed credentials to access the vulnerable application with privileges of the compromised account. | 6.4 | CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:U/C:H/I:H/A:H |
| CVE-2020-29502 | Dell EMC PowerStore versions prior to 1.0.3.0.5.007 contain a Plain-Text Password Storage Vulnerability in PowerStore X & T environments. A locally authenticated attacker could potentially exploit this vulnerability, leading to the disclosure of certain user credentials. The attacker may be able to use the exposed credentials to access the vulnerable application with privileges of the compromised account. | 7.5 | CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:C/C:H/I:H/A:H |
| CVE-2020-29503 | Dell EMC PowerStore versions prior to 1.0.3.0.5.007 contain a file permission Vulnerability. A locally authenticated attacker could potentially exploit this vulnerability, leading to the information disclosure of certain system directory. | 4.1 | CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:U/C:H/I:N/A:N |
| Proprietary Code CVE(s) | Description | CVSS Base Score | CVSS Vector String |
| CVE-2020-29499 |
Dell EMC PowerStore versions prior to 1.0.3.0.5.007 contain an OS Command Injection vulnerability in PowerStore X environment. A locally authenticated attacker could potentially exploit this vulnerability, leading to the execution of arbitrary OS command on the PowerStore underlying OS. Exploiting may lead to a system take over by an attacker. | 6.4 | CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:U/C:H/I:H/A:H |
| CVE-2020-29500 | Dell EMC PowerStore versions prior to 1.0.3.0.5.007 contain a Plain-Text Password Storage Vulnerability in PowerStore T environments. A locally authenticated attacker could potentially exploit this vulnerability, leading to the disclosure of certain user credentials. The attacker may be able to use the exposed credentials to access the vulnerable application with privileges of the compromised account. | 7.5 | CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:C/C:H/I:H/A:H |
| CVE-2020-29501 | Dell EMC PowerStore versions prior to 1.0.3.0.5.007 contain a Plain-Text Password Storage Vulnerability in PowerStore X & T environments. A locally authenticated attacker could potentially exploit this vulnerability, leading to the disclosure of certain user credentials. The attacker may be able to use the exposed credentials to access the vulnerable application with privileges of the compromised account. | 6.4 | CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:U/C:H/I:H/A:H |
| CVE-2020-29502 | Dell EMC PowerStore versions prior to 1.0.3.0.5.007 contain a Plain-Text Password Storage Vulnerability in PowerStore X & T environments. A locally authenticated attacker could potentially exploit this vulnerability, leading to the disclosure of certain user credentials. The attacker may be able to use the exposed credentials to access the vulnerable application with privileges of the compromised account. | 7.5 | CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:C/C:H/I:H/A:H |
| CVE-2020-29503 | Dell EMC PowerStore versions prior to 1.0.3.0.5.007 contain a file permission Vulnerability. A locally authenticated attacker could potentially exploit this vulnerability, leading to the information disclosure of certain system directory. | 4.1 | CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:U/C:H/I:N/A:N |
Berörda produkter och åtgärder
| Product | Affected Version(s) | Updated Version(s) | Link to Update |
| Dell EMC PowerStore | Versions prior to 1.0.3.0.5.007 | 1.0.3.0.5.007 | https://www.dell.com/support/software/us/en/4#/registration |
| Product | Affected Version(s) | Updated Version(s) | Link to Update |
| Dell EMC PowerStore | Versions prior to 1.0.3.0.5.007 | 1.0.3.0.5.007 | https://www.dell.com/support/software/us/en/4#/registration |
Lösningar och åtgärder
None
Revideringshistorik
| Revision | Date | Description |
| 1.0 | 2020-12-15 | Initial Release |
Relaterad information
Juridisk friskrivning
Berörda produkter
PowerStore, PowerStore 1000T, PowerStore 3000T, PowerStore 5000T, PowerStore 7000X, PowerStore 7000T, PowerStore 9000X, PowerStore 9000TArtikelegenskaper
Artikelnummer: 000180775
Artikeltyp: Dell Security Advisory
Senast ändrad: 14 dec. 2020
Få svar på dina frågor från andra Dell-användare
Supporttjänster
Kontrollera om din enhet omfattas av supporttjänster.