Lucene search
This script is Copyright (C) 2024 and is owned by Tenable, Inc. or an Affiliate thereof.TENABLE_OT_DELL_CVE-2020-5366.NASLHistoryJan 17, 2024 - 12:00 a.m.
Dell iDRAC9 Path Traversal (CVE-2020-5366)
2024-01-1700:00:00
This script is Copyright (C) 2024 and is owned by Tenable, Inc. or an Affiliate thereof.
www.tenable.com
18
dell
idrac9
path traversal
vulnerability
tenable.ot
unauthorized access
remote
cve-2020-5366
6.3 Medium
AI Score
Confidence
High
Dell EMC iDRAC9 versions prior to 4.20.20.20 contain a Path Traversal Vulnerability. A remote authenticated malicious user with low privileges could potentially exploit this vulnerability by manipulating input parameters to gain unauthorized read access to the arbitrary files.
This plugin only works with Tenable.ot.
Please visit https://www.tenable.com/products/tenable-ot for more information.
#%NASL_MIN_LEVEL 80900
##
# (C) Tenable, Inc.
##
include('compat.inc');
if (description)
{
script_id(501921);
script_version("1.1");
script_set_attribute(attribute:"plugin_modification_date", value:"2024/01/18");
script_cve_id("CVE-2020-5366");
script_name(english:"Dell iDRAC9 Path Traversal (CVE-2020-5366)");
script_set_attribute(attribute:"synopsis", value:
"The remote OT asset is affected by a vulnerability.");
script_set_attribute(attribute:"description", value:
"Dell EMC iDRAC9 versions prior to 4.20.20.20 contain a Path Traversal
Vulnerability. A remote authenticated malicious user with low
privileges could potentially exploit this vulnerability by
manipulating input parameters to gain unauthorized read access to the
arbitrary files.
This plugin only works with Tenable.ot.
Please visit https://www.tenable.com/products/tenable-ot for more information.");
# https://www.dell.com/support/article/en-us/sln322125/dsa-2020-128-idrac-local-file-inclusion-vulnerability?lang=en
script_set_attribute(attribute:"see_also", value:"http://www.nessus.org/u?e95463b3");
script_set_attribute(attribute:"solution", value:
"Refer to the vendor advisory.");
script_set_cvss_base_vector("CVSS2#AV:N/AC:L/Au:S/C:P/I:N/A:N");
script_set_cvss_temporal_vector("CVSS2#E:U/RL:OF/RC:C");
script_set_cvss3_base_vector("CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N");
script_set_cvss3_temporal_vector("CVSS:3.0/E:U/RL:O/RC:C");
script_set_attribute(attribute:"cvss_score_source", value:"CVE-2020-5366");
script_set_attribute(attribute:"exploitability_ease", value:"No known exploits are available");
script_set_attribute(attribute:"exploit_available", value:"false");
script_cwe_id(22);
script_set_attribute(attribute:"vuln_publication_date", value:"2020/07/09");
script_set_attribute(attribute:"patch_publication_date", value:"2020/07/09");
script_set_attribute(attribute:"plugin_publication_date", value:"2024/01/17");
script_set_attribute(attribute:"plugin_type", value:"remote");
script_set_attribute(attribute:"cpe", value:"cpe:/o:dell:idrac9_firmware");
script_set_attribute(attribute:"generated_plugin", value:"current");
script_end_attributes();
script_category(ACT_GATHER_INFO);
script_family(english:"Tenable.ot");
script_copyright(english:"This script is Copyright (C) 2024 and is owned by Tenable, Inc. or an Affiliate thereof.");
script_dependencies("tenable_ot_api_integration.nasl");
script_require_keys("Tenable.ot/Dell");
exit(0);
}
include('tenable_ot_cve_funcs.inc');
get_kb_item_or_exit('Tenable.ot/Dell');
var asset = tenable_ot::assets::get(vendor:'Dell');
var vuln_cpes = {
"cpe:/o:dell:idrac9_firmware" :
{"versionEndExcluding" : "4.20.20.20", "family" : "iDRAC9"}
};
tenable_ot::cve::compare_and_report(asset:asset, cpes:vuln_cpes, severity:SECURITY_WARNING);
| Vendor | Product | Version | CPE |
|---|---|---|---|
| dell | idrac9_firmware | cpe:/o:dell:idrac9_firmware |
Related
ptsecurity
ptsecurity
PT-2020-06: Local file reading in iDRAC
2020-03-12 00:00:00
prion
prion
Path traversal
2020-07-09 14:15:00
nessus
nessus
Dell iDRAC9 Directory Traversal (DSA-2020-128)
2020-07-31 00:00:00
cve
cve
CVE-2020-5366
2020-07-09 14:15:00
threatpost
threatpost
Researchers Warn of High-Severity Dell PowerEdge Server Flaw
2020-07-28 13:11:01