CVE-2020-5350

7.9HIGH

Key Information:

Vendor: Dell
Status: Integrated Data Protection Appliance
Vendor: CVE Published:; 15 April 2020

Summary

Dell EMC Integrated Data Protection Appliance versions 2.0, 2.1, 2.2, 2.3, 2.4 contain a command injection vulnerability in the ACM component. A remote authenticated malicious user with root privileges could inject parameters in the ACM component APIs that could lead to manipulation of passwords and execution of malicious commands on ACM component.

Affected Version(s)

Integrated Data Protection Appliance < 2.0, 2.1, 2.2, 2.3, 2.4

References

https://www.dell.com/support/security/en-us/details/54251...

x_refsource_MISC

CVSS V3.1

Score:

7.9

Severity:

HIGH

Confidentiality:

High

Integrity:

Low

Availability:

High

Attack Vector:

Network

Attack Complexity:

High

Privileges Required:

High

User Interaction:

None

Scope:

Changed

Timeline

Vulnerability published
Apr 15, 2020
Vulnerability Reserved
Jan 3, 2020