cbcvebase.
CVE-2020-29499
published 2021-07-19

Priority: P4 33 medium, 6.7 (CVSS 3.1)
AV:L AC:L PR:H UI:N S:U C:H I:H A:H
EPSS: 0.42% (33.5th percentile)
Dell EMC PowerStore versions prior to 1.0.3.0.5.006 contain an OS Command Injection vulnerability in the PowerStore X environment. A locally authenticated attacker could potentially exploit this vulnerability, leading to the execution of arbitrary OS commands on the PowerStore underlying OS. Exploitation may lead to a system takeover by an attacker.

Affected

2 ranges
Vendor  Product         Version range                                      Fixed in
dell    emc_powerstore  < 1.0.3.0.5.007                                    1.0.3.0.5.007
dell    powerstore      >= unspecified < PowerStore SW 1.0.3.0.5.006       PowerStore SW 1.0.3.0.5.006

CVSS provenance

nvd  v3.1  6.7  MEDIUM  CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H
nvd  v2.0  7.2  HIGH    AV:L/AC:L/Au:N/C:C/I:C/A:C