Java RMI Deserialization Vulnerability in Dell Security Management Server
CVE-2020-5327

8.1HIGH

Key Information:

Vendor: Dell
Status: Dell Encryption Enterprise
Vendor: CVE Published:; 6 March 2020

What is CVE-2020-5327?

Dell Security Management Server versions prior to 10.2.10 are vulnerable to a Java RMI deserialization issue, which allows remote unauthenticated attackers to execute arbitrary code by sending specially crafted RMI requests. This vulnerability is particularly dangerous when the server is exposed to the internet, especially if Windows Firewall is disabled, creating a vector for potential exploitation.

Affected Version(s)

Dell Encryption Enterprise < 10.2.10

References

https://www.dell.com/support/article/SLN320536

x_refsource_MISC

EPSS Score

5% chance of being exploited in the next 30 days.

CVSS V3.1

Score:

8.1

Severity:

HIGH

Confidentiality:

High

Integrity:

High

Availability:

High

Attack Vector:

Network

Attack Complexity:

High

Privileges Required:

None

User Interaction:

None

Scope:

Unchanged

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Mar 6, 2020
Vulnerability Reserved
Jan 3, 2020