CVE-2020-5330
published 2020-04-10


Priority: P264, high
CVSS 3.1: 7.5 (AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N)
EXPLOIT
EPSS: 12.94% (95.8th percentile)
Dell EMC Networking X-Series firmware versions 3.0.1.2 and older, Dell EMC Networking PC5500 firmware versions 4.1.0.22 and older and Dell EMC PowerEdge VRTX Switch Modules firmware versions 2.0.0.77 and older contain an information disclosure vulnerability. A remote unauthenticated attacker could exploit this vulnerability to retrieve sensitive data by sending a specially crafted request to the affected endpoints.

Affected

6 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| dell | dell_powerconnect | >= unspecified < X series 3.0.1.2 and older, PC5500 fw versions 4.1.0.22 and older | X series 3.0.1.2 and older, PC5500 fw versions 4.1.0.22 and older |
| dell | pc5500_firmware | <= 4.1.0.22 | |
| dell | r1-2210_firmware | <= 3.0.1.2 | |
| dell | r1-2401_firmware | <= 3.0.1.2 | |
| dell | x1000_firmware | <= 2.0.0.77 | |
| dell | x4012_firmware | <= 2.0.0.77 | |

Detection & IOCs (extracted from sources)

url: /config/device/adminusersetting
url: /System.xml?action=login&user=<user>&password=<hash>
other: SHA1 password hash (40-char hex) extracted from unauthenticated API response
cookie: sessionID
  • Unauthenticated GET request to /config/device/adminusersetting endpoint — a 200 response containing 40-character hex strings (SHA1 hashes) indicates successful exploitation of the information disclosure vulnerability.
  • Exploit leverages an HTTP 302 redirect to carve the API base path and device MAC/ID before accessing the sensitive endpoint — monitor for unauthenticated requests that follow 302 redirects to /config/device/ paths on switch management interfaces.
  • After hash retrieval, attacker authenticates via /System.xml?action=login — monitor for login attempts to this XML API endpoint using SHA1 password hashes (pass-the-hash style) from unauthenticated sources.
  • Affects Dell EMC Networking X-Series ≤3.0.1.2, PC5500 ≤4.1.0.22, and PowerEdge VRTX Switch Modules ≤2.0.0.77 — also tracked as CVE-2019-15993 for Cisco Sx/SMB switches; scope includes Netgear devices.
  • The exploit targets the device management web interface over HTTPS but disables certificate verification; the vulnerable endpoint is only reachable if the management interface is exposed to untrusted networks.
  • The attacker requires a pre-built wordlist/dictionary of candidate passwords to crack the disclosed SHA1 hashes offline; exploitation of credentials depends on hash cracking success.
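
The first and third detection notes above, expressed as log-matching rules. This is an added example, not code from the page's sources or from Dell. The tab-separated record format, the `BASE` path prefix, the sample rows and the use of a `sessionID` cookie flag to mark authenticated requests are all assumptions made for the illustration.

```python
import re
from urllib.parse import urlsplit, parse_qs

SHA1_RE = re.compile(r"\b[0-9a-fA-F]{40}\b")      # 40 hex chars, not part of a longer run
DISCLOSURE_PATH = "/config/device/adminusersetting"
LOGIN_PATH = "/System.xml"

# Constructed sample data. Assumed export format, one tab-separated record per line:
# time, client, method, url, status, sessionID cookie present (0/1), response excerpt
FAKE_HASH = "ab" * 20                  # constructed 40-hex value, not a real hash
BASE = "/constructed-base"             # stands in for the redirect-derived path prefix
ROWS = [
    ("2020-04-12T09:00:01Z", "198.51.100.7", "GET", "/", "302", "0", ""),
    ("2020-04-12T09:00:02Z", "198.51.100.7", "GET", BASE + DISCLOSURE_PATH, "200", "0",
     "user=admin hash=" + FAKE_HASH),
    ("2020-04-12T09:00:09Z", "198.51.100.7", "GET",
     LOGIN_PATH + "?action=login&user=admin&password=" + FAKE_HASH, "200", "0", ""),
    ("2020-04-12T09:05:00Z", "192.0.2.10", "GET", BASE + DISCLOSURE_PATH, "200", "1",
     "user=admin hash=" + FAKE_HASH),   # request inside an existing session
    ("2020-04-12T09:06:00Z", "203.0.113.5", "GET", BASE + DISCLOSURE_PATH, "401", "0", ""),
]
SAMPLE_LOG = "\n".join("\t".join(row) for row in ROWS)

def detect(log_text):
    """Return (client, rule) alerts, in log order, for requests without a session."""
    alerts, leaked_to = [], set()
    for line in log_text.splitlines():
        if not line.strip():
            continue
        _ts, src, method, url, status, cookie, body = line.split("\t")
        if cookie == "1":
            continue                    # both rules concern unauthenticated requests
        parts = urlsplit(url)
        if (method == "GET" and parts.path.endswith(DISCLOSURE_PATH)
                and status == "200" and SHA1_RE.search(body)):
            alerts.append((src, "hash-disclosure"))
            leaked_to.add(src)
        elif parts.path.endswith(LOGIN_PATH):
            query = parse_qs(parts.query)
            password = query.get("password", [""])[0]
            if query.get("action") == ["login"] and SHA1_RE.fullmatch(password):
                rule = "hash-login-after-disclosure" if src in leaked_to else "hash-login"
                alerts.append((src, rule))
    return alerts

if __name__ == "__main__":
    for client, rule in detect(SAMPLE_LOG):
        print(client, rule)
```

A `hash-login-after-disclosure` alert ties the login to a client that was just served hashes, which is the stronger signal of the two.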

CVSS provenance

nvd, v3.1: 7.5 HIGH, CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
nvd, v2.0: 5.0 MEDIUM, AV:N/AC:L/Au:N/C:P/I:N/A:N