Vulnerabilities > CVE-2020-5372 - Incorrect Authorization vulnerability in Dell products

CVSS 7.5 - HIGH

Attack vector

NETWORK

Attack complexity

LOW

Privileges required

NONE

Confidentiality impact

NONE

Integrity impact

NONE

Availability impact

HIGH

network

low complexity

dell

CWE-863

NVD

Published: 2020-07-06

Updated: 2020-07-13

Summary

Dell EMC PowerStore versions prior to 1.0.1.0.5.002 contain a vulnerability that exposes test interface ports to external network. A remote unauthenticated attacker could potentially cause Denial of Service via test interface ports which are not used during run time environment.

Vulnerable Configurations

Part	Description	Count
OS	Dell Dell EMC Powerstore 1000 Firmware * Dell EMC Powerstore 3000 Firmware * Dell EMC Powerstore 5000 Firmware * Dell EMC Powerstore 7000 Firmware * Dell EMC Powerstore 9000 Firmware *	5
Hardware	Dell Dell EMC Powerstore 1000 - Dell EMC Powerstore 3000 - Dell EMC Powerstore 5000 - Dell EMC Powerstore 7000 - Dell EMC Powerstore 9000 -	5

Common Weakness Enumeration (CWE)

CWE-863 - Incorrect Authorization

References

https://www.dell.com/support/security/en-us/details/544738/DSA-2020-159-Dell-EMC-PowerStore-Family-Improper-Authorization-Vulnerability