CVE-2020-5330
Published 2020-04-10
Priority: P2 64 · high · 7.5 (CVSS 3.1)
AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
EXPLOIT
EPSS: 12.94% (95.8th percentile)
Dell EMC Networking X-Series firmware versions 3.0.1.2 and older, Dell EMC Networking PC5500 firmware versions 4.1.0.22 and older and Dell EMC PowerEdge VRTX Switch Modules firmware versions 2.0.0.77 and older contain an information disclosure vulnerability. A remote unauthenticated attacker could exploit this vulnerability to retrieve sensitive data by sending a specially crafted request to the affected endpoints.
Affected
6 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| dell | dell_powerconnect | >= unspecified < X series 3.0.1.2 and older, PC5500 fw versions 4.1.0.22 and older | X series 3.0.1.2 and older, PC5500 fw versions 4.1.0.22 and older |
| dell | pc5500_firmware | <= 4.1.0.22 | — |
| dell | r1-2210_firmware | <= 3.0.1.2 | — |
| dell | r1-2401_firmware | <= 3.0.1.2 | — |
| dell | x1000_firmware | <= 2.0.0.77 | — |
| dell | x4012_firmware | <= 2.0.0.77 | — |
Detection & IOCs (extracted from sources)
- Unauthenticated GET request to the /config/device/adminusersetting endpoint: a 200 response containing 40-character hex strings (SHA1 hashes) indicates successful exploitation of the information disclosure vulnerability.
- The exploit leverages an HTTP 302 redirect to carve the API base path and device MAC/ID before accessing the sensitive endpoint. Monitor for unauthenticated requests that follow 302 redirects to /config/device/ paths on switch management interfaces.
- After hash retrieval, the attacker authenticates via /System.xml?action=login. Monitor for login attempts to this XML API endpoint using SHA1 password hashes (pass-the-hash style) from unauthenticated sources.
- Affects Dell EMC Networking X-Series ≤3.0.1.2, PC5500 ≤4.1.0.22, and PowerEdge VRTX Switch Modules ≤2.0.0.77; also tracked as CVE-2019-15993 for Cisco Sx/SMB switches; scope includes Netgear devices.
- The exploit targets the device management web interface over HTTPS but disables certificate verification; the vulnerable endpoint is only reachable if the management interface is exposed to untrusted networks.
- The attacker requires a pre-built wordlist/dictionary of candidate passwords to crack the disclosed SHA1 hashes offline; exploitation of credentials depends on hash cracking success.
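The monitoring points above can be correlated per source address. The following is an added example, not taken from the page's sources: it assumes a proxy or sensor log reduced to `time src method url status`, a constructed base-path prefix (`/cs0a1b2c3d`) standing in for the device-specific path, and an assumed 24-hour correlation window.

```python
import re
from datetime import datetime, timedelta

# Constructed sample lines (not real traffic): "<ISO time> <src> <method> <url> <status>"
# "/cs0a1b2c3d" is a made-up stand-in for the device-specific base path
# that the page says is learned from the 302 redirect.
SAMPLE_LOG = """\
2024-05-01T10:00:00 192.0.2.10 GET / 302
2024-05-01T10:00:01 192.0.2.10 GET /cs0a1b2c3d/config/device/adminusersetting 200
2024-05-01T10:04:30 192.0.2.10 POST /cs0a1b2c3d/System.xml?action=login 200
2024-05-01T10:05:00 198.51.100.7 POST /cs0a1b2c3d/System.xml?action=login 200
2024-05-01T11:00:00 203.0.113.5 GET /cs0a1b2c3d/config/device/adminusersetting 401
"""

LINE_RE = re.compile(r"^(\S+) (\S+) (\S+) (\S+) (\d{3})$")
DISCLOSURE_PATH = "/config/device/adminusersetting"
LOGIN_PATH = "/System.xml?action=login"
WINDOW = timedelta(hours=24)  # assumed correlation window, tune per environment


def detect(log_text):
    """Return {src: finding} for sources that read the hash endpoint."""
    disclosed = {}  # src -> time of the most recent 200 on the hash endpoint
    findings = {}
    for line in log_text.splitlines():
        m = LINE_RE.match(line.strip())
        if not m:
            continue  # skip malformed lines rather than failing the whole run
        ts, src, method, url, status = m.groups()
        when = datetime.fromisoformat(ts)
        if method == "GET" and DISCLOSURE_PATH in url and status == "200":
            disclosed[src] = when
            findings.setdefault(src, "hash-endpoint-read")
        elif LOGIN_PATH in url and src in disclosed:
            # Login from the same source after a successful read: escalate.
            if when - disclosed[src] <= WINDOW:
                findings[src] = "hash-read-then-login"
    return findings


if __name__ == "__main__":
    for src, finding in detect(SAMPLE_LOG).items():
        print(src, finding)
```

Confirming the 40-character hex strings in the response body requires a sensor that captures response content, which this log format does not carry.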
CVSS provenance
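| Source | Version | Score | Severity | Vector |
|---|---|---|---|---|
| nvd | v3.1 | 7.5 | HIGH | CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N |
| nvd | v2.0 | 5.0 | MEDIUM | AV:N/AC:L/Au:N/C:P/I:N/A:N |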
- http://packetstormsecurity.com/files/171723/Cisco-Dell-Netgear-Information-Disclosure-Hash-Decrypter.html
- https://www.dell.com/support/article/en-us/sln320366/dsa-2020-042-dell-emc-networking-security-update-for-an-information-disclosure-vulnerability?lang=en