DSA-2020-080: Dell EMC Data Protection Advisor Hard-Coded Credential Vulnerability
Impact
High
Details
Summary:
Dell EMC Data Protection Advisor contains remediation for a hard-coded credential vulnerability that may be exploited by malicious users to compromise the affected system.
Hard-Coded Credential Vulnerability
Dell EMC Data Protection Advisor versions 6.4, 6.5, and 18.1 contain a hard-coded credential vulnerability in an undocumented account with limited privileges. A remote unauthenticated malicious user with knowledge of the hard-coded password may log in to the system and gain read-only privileges.
- CVE-2020-5351
- CVSS Base Score: 7.5 (AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N)
Affected Products and Remediation
Affected products:
Dell EMC Data Protection Advisor versions 6.4, 6.5, and 18.1
Remediation:
The following Dell EMC Data Protection Advisor releases address this vulnerability:
- Dell EMC Data Protection Advisor 18.2
- Dell EMC Data Protection Advisor 19.1
- Dell EMC Data Protection Advisor 19.2
Dell EMC recommends all customers upgrade at the earliest opportunity.
Acknowledgements
Dell EMC would like to thank Cyku from DEVCORE (https://devco.re) for reporting this vulnerability.