Vulnerabilities > CVE-2020-5368 - Missing Authorization vulnerability in Dell Vxrail D560 Firmware and Vxrail D560F Firmware

CVSS 7.5 - HIGH

Attack vector

NETWORK

Attack complexity

LOW

Privileges required

NONE

Confidentiality impact

HIGH

Integrity impact

NONE

Availability impact

NONE

network

low complexity

dell

CWE-862

NVD

Published: 2020-07-06

Updated: 2020-07-13

Summary

Dell EMC VxRail versions 4.7.410 and 4.7.411 contain an improper authentication vulnerability. A remote unauthenticated attacker may exploit this vulnerability to obtain sensitive information in an encrypted form.

Vulnerable Configurations

Part	Description	Count
OS	Dell Dell Vxrail D560F Firmware 4.7.410 Dell Vxrail D560F Firmware 4.7.411 Dell Vxrail D560F Firmware 4.7.510 Dell Vxrail D560 Firmware 4.7.410 Dell Vxrail D560 Firmware 4.7.411 Dell Vxrail D560 Firmware 4.7.510	6
Hardware	Dell Dell Vxrail D560F - Dell Vxrail D560 -	2

Common Weakness Enumeration (CWE)

CWE-862 - Missing Authorization

References

https://www.dell.com/support/security/en-us/details/544058/DSA-2020-136-Dell-EMC-VxRail-Appliance-Improper-Authentication-Vulnerability