CVE-2020-5319 — Improper Validation of Array Index in Dell Unity

CWE-129 — Improper Validation of Array Index3 documents3 sources

Severity

7.5HIGHNVD

EPSS

1.1%

top 22.30%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Dell Unity Dell EMC Unity Operating Environment Dell EMC Unity XT Operating Environment +1 more

Timeline

PublishedFeb 6

Latest updateMay 24

Description

Dell EMC Unity, Dell EMC Unity XT, and Dell EMC UnityVSA versions prior to 5.0.2.0.5.009 contain a Denial of Service vulnerability on NAS Server SSH implementation that is used to provide SFTP service on a NAS server. A remote unauthenticated attacker may potentially exploit this vulnerability and cause a Denial of Service (Storage Processor Panic) by sending an out of order SSH protocol sequence.

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:HExploitability: 3.9 | Impact: 3.6

Affected Packages4 packages

▶NVDdell/emc_unityvsa_operating_environment< 5.0.2.0.5.009

▶CVEListV5dell/unityunspecified — 5.0.2.0.5.009

▶NVDdell/emc_unity_operating_environment< 5.0.2.0.5.009

▶NVDdell/emc_unity_xt_operating_environment< 5.0.2.0.5.009

🔴Vulnerability Details

GHSA

GHSA-c2m8-8qv3-5rrj: Dell EMC Unity, Dell EMC Unity XT, and Dell EMC UnityVSA versions prior to 5↗2022-05-24

▶

CVEList

CVE-2020-5319: Dell EMC Unity, Dell EMC Unity XT, and Dell EMC UnityVSA versions prior to 5↗2020-02-06

▶