Path Traversal Vulnerabilities in Dell EMC OpenManage Server Administrator
CVE-2020-5377

9.1CRITICAL

Key Information:

Vendor: Dell
Status: Dell Open Manage Server Administrator
Vendor: CVE Published:; 28 July 2020

Badges

👾 Exploit Exists🟣 EPSS 81%

Summary

Multiple path traversal vulnerabilities exist in Dell EMC OpenManage Server Administrator (OMSA) versions 9.4 and earlier. These vulnerabilities could be exploited by an unauthenticated remote attacker who sends a specially crafted Web API request with directory traversal sequences. Successful exploitation may allow the attacker to traverse the file system on the affected management station, potentially exposing sensitive information.

Affected Version(s)

Dell Open Manage Server Administrator < 9.5

References

https://www.dell.com/support/article/en-us/sln322304/dsa-...

x_refsource_MISC

http://packetstormsecurity.com/files/162110/Dell-OpenMana...

x_refsource_MISC

EPSS Score

81% chance of being exploited in the next 30 days.

CVSS V3.1

Score:

9.1

Severity:

CRITICAL

Confidentiality:

High

Integrity:

High

Availability:

High

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

None

User Interaction:

None

Scope:

Unchanged

Timeline

🟡
Public PoC available
May 30, 2024
👾
Exploit known to exist
May 30, 2024
Vulnerability published
Jul 28, 2020
Vulnerability Reserved
Jan 3, 2020