Lucene search

[email protected]CVE-2020-5319

HistoryFeb 06, 2020 - 6:15 p.m.

CVE-2020-5319

2020-02-0618:15:13

CWE-129

[email protected]

web.nvd.nist.gov

cve-2020-5319

dell

emc

unity

unity xt

unityvsa

denial of service

vulnerability

ssh

sftp

nas server

remote attacker

unauthenticated

storage processor panic

7.8 High

CVSS2

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

COMPLETE

AV:N/AC:L/Au:N/C:N/I:N/A:C

7.5 High

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

0.002 Low

EPSS

Percentile

58.9%

JSON

Dell EMC Unity, Dell EMC Unity XT, and Dell EMC UnityVSA versions prior to 5.0.2.0.5.009 contain a Denial of Service vulnerability on NAS Server SSH implementation that is used to provide SFTP service on a NAS server. A remote unauthenticated attacker may potentially exploit this vulnerability and cause a Denial of Service (Storage Processor Panic) by sending an out of order SSH protocol sequence.

Affected configurations

NVD

Node

dellemc_unity_operating_environmentRange<5.0.2.0.5.009

dellemc_unity_xt_operating_environmentRange<5.0.2.0.5.009

dellemc_unityvsa_operating_environmentRange<5.0.2.0.5.009

CPENameOperatorVersion
dell:emc_unity_operating_environmentdell emc unity operating environmentlt5.0.2.0.5.009
dell:emc_unity_xt_operating_environmentdell emc unity xt operating environmentlt5.0.2.0.5.009
dell:emc_unityvsa_operating_environmentdell emc unityvsa operating environmentlt5.0.2.0.5.009

CPE	Name	Operator	Version
dell:emc_unity_operating_environment	dell emc unity operating environment	lt	5.0.2.0.5.009
dell:emc_unity_xt_operating_environment	dell emc unity xt operating environment	lt	5.0.2.0.5.009
dell:emc_unityvsa_operating_environment	dell emc unityvsa operating environment	lt	5.0.2.0.5.009

CNA Affected

[
  {
    "product": "Unity",
    "vendor": "Dell",
    "versions": [
      {
        "lessThan": "5.0.2.0.5.009",
        "status": "affected",
        "version": "unspecified",
        "versionType": "custom"
      }
    ]
  }
]

References

www.dell.com/support/security/en-us/details/540336/DSA-2020-019-Dell-EMC-Unity-Family-Dell-EMC-Unity-XT-Family-Denial-of-Service-Vulnerability

7.8 High

CVSS2

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

COMPLETE

AV:N/AC:L/Au:N/C:N/I:N/A:C

7.5 High

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

0.002 Low

EPSS

Percentile

58.9%

JSON

Related for CVE-2020-5319

nvd1 prion1 cvelist1