CVE-2020-5350
Last modified
CVE-2020-5350 is a high-severity vulnerability rated 7.2/10 on the CVSS scale. Dell EMC Integrated Data Protection Appliance versions 2.0, 2.1, 2.2, 2.3, 2.4 contain a command injection vulnerability in the ACM component. A remote authenticated malicious user with root privileges could inject parameters in the ACM component APIs that could lead to manipulation of passwords and execution of malicious commands on ACM component.. EPSS estimates a 1.98% chance of exploitation in the next 30 days.
Description
Dell EMC Integrated Data Protection Appliance versions 2.0, 2.1, 2.2, 2.3, 2.4 contain a command injection vulnerability in the ACM component. A remote authenticated malicious user with root privileges could inject parameters in the ACM component APIs that could lead to manipulation of passwords and execution of malicious commands on ACM component.
Metrics
CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H
Weakness Enumeration
Affected Software
| Vendor | Product | Versions |
|---|---|---|
| Dell | Emc Integrated Data Protection Appliance | 2.0 |
| Dell | Emc Integrated Data Protection Appliance | 2.1 |
| Dell | Emc Integrated Data Protection Appliance | 2.2 |
| Dell | Emc Integrated Data Protection Appliance | 2.3 |
| Dell | Emc Integrated Data Protection Appliance | 2.4 |
References
Timeline
- Published
- Last Modified
- Status
- Modified
Frequently Asked Questions
What is CVE-2020-5350?
How severe is CVE-2020-5350?
How do I fix CVE-2020-5350?
Are you affected by CVE-2020-5350?
Run a free Strix scan to check your systems for this vulnerability.
Scan your code nowSource: NVD / NIST