CVE-2020-29489 — Incorrect Default Permissions in Dell Unity

CWE-276 — Incorrect Default Permissions CWE-312 — Cleartext Storage of Sensitive Info3 documents3 sources

Severity

6.7MEDIUMNVD

CNA6.4

EPSS

0.0%

top 94.76%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Dell Unity Dell EMC Unity Operating Environment Dell EMC Unity VSA Operating Environment +1 more

Timeline

PublishedJan 5

Latest updateMay 24

Description

Dell EMC Unity, Unity XT, and UnityVSA versions prior to 5.0.4.0.5.012 contains a plain-text password storage vulnerability. A user credentials (including the Unisphere admin privilege user) password is stored in a plain text in a system file. A local authenticated attacker with access to the system files may use the exposed password to gain access with the privileges of the compromised user.

CVSS vector

CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:HExploitability: 0.8 | Impact: 5.9

Affected Packages4 packages

▶NVDdell/emc_unity_vsa_operating_environment< 5.0.4.0.5.012

▶CVEListV5dell/unityunspecified — 5.0.4.0.5.012

▶NVDdell/emc_unity_operating_environment< 5.0.4.0.5.012

▶NVDdell/emc_unity_xt_operating_environment< 5.0.4.0.5.012

🔴Vulnerability Details

GHSA

GHSA-8xmx-4f3h-rv3w: Dell EMC Unity, Unity XT, and UnityVSA versions prior to 5↗2022-05-24

▶

CVEList

CVE-2020-29489: Dell EMC Unity, Unity XT, and UnityVSA versions prior to 5↗2021-01-05

▶