Command Injection Vulnerability in Dell EMC Integrated Data Protection Appliance
CVE-2020-5350

7.9 HIGH

Key Information:

Vendor: Dell
CVE Published: 15 April 2020

Summary

Dell EMC Integrated Data Protection Appliance versions 2.0 through 2.4 contain a command injection vulnerability within the ACM component. An authenticated user with root privileges could exploit this vulnerability by injecting parameters through the APIs of the ACM component. This could potentially enable the malicious user to manipulate passwords and execute arbitrary commands on the system, thereby compromising the security and integrity of the appliance.

Affected Version(s)

Integrated Data Protection Appliance < 2.0, 2.1, 2.2, 2.3, 2.4


CVSS V3.1

Score: 7.9
Severity: HIGH
Confidentiality: High
Integrity: Low
Availability: High
Attack Vector: Network
Attack Complexity: High
Privileges Required: High
User Interaction: None
Scope: Changed

Timeline

  • Vulnerability published

  • Vulnerability Reserved
