CVE-2020-5367
Last modified
CVE-2020-5367 is a high-severity vulnerability rated 8.1/10 on the CVSS scale. Dell EMC Unisphere for PowerMax versions prior to 9.1.0.17, Dell EMC Unisphere for PowerMax Virtual Appliance versions prior to 9.1.0.17, and PowerMax OS Release 5978 contain an improper certificate validation vulnerability. An unauthenticated remote attacker may potentially exploit this vulnerability to carry out a man-in-the-middle attack by supplying a crafted certificate and intercepting the victim's traffic to view or modify a victim's data in transit.. EPSS estimates a 0.59% chance of exploitation in the next 30 days.
Description
Dell EMC Unisphere for PowerMax versions prior to 9.1.0.17, Dell EMC Unisphere for PowerMax Virtual Appliance versions prior to 9.1.0.17, and PowerMax OS Release 5978 contain an improper certificate validation vulnerability. An unauthenticated remote attacker may potentially exploit this vulnerability to carry out a man-in-the-middle attack by supplying a crafted certificate and intercepting the victim's traffic to view or modify a victim's data in transit.
Metrics
CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H
Weakness Enumeration
Affected Software
| Vendor | Product | Versions |
|---|---|---|
| Dell | Emc Unisphere For Powermax | < 9.1.0.17 |
| Dell | Emc Unisphere For Powermax Virtual Appliance | < 9.1.0.17 |
| Dell | Powermax Os | 5978 |
References
Timeline
- Published
- Last Modified
- Status
- Modified
Frequently Asked Questions
What is CVE-2020-5367?
How severe is CVE-2020-5367?
How do I fix CVE-2020-5367?
Are you affected by CVE-2020-5367?
Run a free Strix scan to check your systems for this vulnerability.
Scan your code nowSource: NVD / NIST