CVE-2020-5350 — OS Command Injection in Dell Integrated Data Protection Appliance

CWE-78 — OS Command Injection3 documents3 sources

Severity

7.2HIGHNVD

CNA7.9

EPSS

3.7%

top 12.06%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Dell Integrated Data Protection Appliance Dell EMC Integrated Data Protection Appliance

Timeline

PublishedApr 15

Latest updateMay 24

Description

Dell EMC Integrated Data Protection Appliance versions 2.0, 2.1, 2.2, 2.3, 2.4 contain a command injection vulnerability in the ACM component. A remote authenticated malicious user with root privileges could inject parameters in the ACM component APIs that could lead to manipulation of passwords and execution of malicious commands on ACM component.

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:HExploitability: 1.2 | Impact: 5.9

Affected Packages2 packages

▶CVEListV5dell/integrated_data_protection_applianceunspecified — 2.0, 2.1, 2.2, 2.3, 2.4

▶NVDdell/emc_integrated_data_protection_appliance5 versions+4

🔴Vulnerability Details

GHSA

GHSA-hfm4-3rg3-394f: Dell EMC Integrated Data Protection Appliance versions 2↗2022-05-24

▶

CVEList

CVE-2020-5350: Dell EMC Integrated Data Protection Appliance versions 2↗2020-04-15

▶