fkie_cve-2020-5341
Vulnerability from fkie_nvd
Published
2021-07-28 00:15
Modified
2024-11-21 05:33
Severity ?
9.8 (Critical) - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
9.8 (Critical) - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Summary
Deserialization of Untrusted Data Vulnerability Dell EMC Avamar Server versions 7.4.1, 7.5.0, 7.5.1, 18.2, 19.1 and 19.2 and Dell EMC Integrated Data Protection Appliance versions 2.0, 2.1, 2.2, 2.3, 2.4 and 2.4.1 contain a Deserialization of Untrusted Data Vulnerability. A remote unauthenticated attacker could exploit this vulnerability to send a serialized payload that would execute code on the system.
References
security_alert@emc.comhttps://www.dell.com/support/security/en-us/details/541677/DSA-2020-057-Dell-EMC-Avamar-Server-Deserialization-of-Untrusted-Data-VulnerabilityPatch, Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108https://www.dell.com/support/security/en-us/details/541677/DSA-2020-057-Dell-EMC-Avamar-Server-Deserialization-of-Untrusted-Data-VulnerabilityPatch, Vendor Advisory
Impacted products
Vendor Product Version
dell emc_avamar_server 7.4.1
dell emc_avamar_server 7.5.0
dell emc_avamar_server 7.5.1
dell emc_avamar_server 18.1
dell emc_avamar_server 18.2
dell emc_avamar_server 19.1
dell emc_avamar_server 19.2
dell emc_integrated_data_protection_appliance_firmware 2.0
dell emc_integrated_data_protection_appliance_firmware 2.1
dell emc_integrated_data_protection_appliance_firmware 2.2
dell emc_integrated_data_protection_appliance_firmware 2.3
dell emc_integrated_data_protection_appliance_firmware 2.4
dell emc_integrated_data_protection_appliance_firmware 2.4.1


To clipboard 

{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:dell:emc_avamar_server:7.4.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "D31DB2E9-502A-4097-B7D0-01BD33CB5DC3",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:dell:emc_avamar_server:7.5.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "2505F76D-6AB8-489A-AB9D-9069B9A9025E",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:dell:emc_avamar_server:7.5.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "B5714A80-1068-4C43-AF9F-2176C72D1416",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:dell:emc_avamar_server:18.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "ABDC11FA-A04A-4578-99BA-D6A2AE0051A8",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:dell:emc_avamar_server:18.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "52BE822E-6FD6-4FC8-9DFC-A4073D31B58C",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:dell:emc_avamar_server:19.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "D055384E-1362-43FC-BD4C-9FAED912FE1F",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:dell:emc_avamar_server:19.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "AB61C3E2-E97A-48FA-BECE-3593B77C1386",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:dell:emc_integrated_data_protection_appliance_firmware:2.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "5C133A08-973B-43E2-8E0C-9B7AEF467BDD",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:dell:emc_integrated_data_protection_appliance_firmware:2.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "889D0DDB-7D31-4AE9-972A-AE14CC2A82BF",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:dell:emc_integrated_data_protection_appliance_firmware:2.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "970D60B9-9DAD-4F1D-BFBE-BB069756011C",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:dell:emc_integrated_data_protection_appliance_firmware:2.3:*:*:*:*:*:*:*",
              "matchCriteriaId": "1335A62E-B8AB-4D72-A8CE-D2E79EFC42A3",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:dell:emc_integrated_data_protection_appliance_firmware:2.4:*:*:*:*:*:*:*",
              "matchCriteriaId": "7B70F149-1646-4D04-A693-A6263011540D",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:dell:emc_integrated_data_protection_appliance_firmware:2.4.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "56CA7E2E-33D7-48CE-9AAF-2474933BE95B",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "Deserialization of Untrusted Data Vulnerability Dell EMC Avamar Server versions 7.4.1, 7.5.0, 7.5.1, 18.2, 19.1 and 19.2 and Dell EMC Integrated Data Protection Appliance versions 2.0, 2.1, 2.2, 2.3, 2.4 and 2.4.1 contain a Deserialization of Untrusted Data Vulnerability. A remote unauthenticated attacker could exploit this vulnerability to send a serialized payload that would execute code on the system."
    },
    {
      "lang": "es",
      "value": "Vulnerabilidad de deserializaci\u00f3n de datos no confiables Las versiones 7.4.1, 7.5.0, 7.5.1, 18.2, 19.1 y 19.2 de Dell EMC Avamar Server y las versiones 2.0, 2.1, 2.2, 2.3, 2.4 y 2.4.1 de Dell EMC Integrated Data Protection Appliance contienen una vulnerabilidad de deserializaci\u00f3n de datos no confiables. Un atacante remoto no autenticado podr\u00eda aprovechar esta vulnerabilidad para enviar una carga \u00fatil serializada que ejecutar\u00eda c\u00f3digo en el sistema."
    }
  ],
  "id": "CVE-2020-5341",
  "lastModified": "2024-11-21T05:33:56.727",
  "metrics": {
    "cvssMetricV2": [
      {
        "acInsufInfo": false,
        "baseSeverity": "HIGH",
        "cvssData": {
          "accessComplexity": "LOW",
          "accessVector": "NETWORK",
          "authentication": "NONE",
          "availabilityImpact": "COMPLETE",
          "baseScore": 10.0,
          "confidentialityImpact": "COMPLETE",
          "integrityImpact": "COMPLETE",
          "vectorString": "AV:N/AC:L/Au:N/C:C/I:C/A:C",
          "version": "2.0"
        },
        "exploitabilityScore": 10.0,
        "impactScore": 10.0,
        "obtainAllPrivilege": false,
        "obtainOtherPrivilege": false,
        "obtainUserPrivilege": false,
        "source": "nvd@nist.gov",
        "type": "Primary",
        "userInteractionRequired": false
      }
    ],
    "cvssMetricV31": [
      {
        "cvssData": {
          "attackComplexity": "LOW",
          "attackVector": "NETWORK",
          "availabilityImpact": "HIGH",
          "baseScore": 9.8,
          "baseSeverity": "CRITICAL",
          "confidentialityImpact": "HIGH",
          "integrityImpact": "HIGH",
          "privilegesRequired": "NONE",
          "scope": "UNCHANGED",
          "userInteraction": "NONE",
          "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
          "version": "3.1"
        },
        "exploitabilityScore": 3.9,
        "impactScore": 5.9,
        "source": "security_alert@emc.com",
        "type": "Secondary"
      },
      {
        "cvssData": {
          "attackComplexity": "LOW",
          "attackVector": "NETWORK",
          "availabilityImpact": "HIGH",
          "baseScore": 9.8,
          "baseSeverity": "CRITICAL",
          "confidentialityImpact": "HIGH",
          "integrityImpact": "HIGH",
          "privilegesRequired": "NONE",
          "scope": "UNCHANGED",
          "userInteraction": "NONE",
          "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
          "version": "3.1"
        },
        "exploitabilityScore": 3.9,
        "impactScore": 5.9,
        "source": "nvd@nist.gov",
        "type": "Primary"
      }
    ]
  },
  "published": "2021-07-28T00:15:07.637",
  "references": [
    {
      "source": "security_alert@emc.com",
      "tags": [
        "Patch",
        "Vendor Advisory"
      ],
      "url": "https://www.dell.com/support/security/en-us/details/541677/DSA-2020-057-Dell-EMC-Avamar-Server-Deserialization-of-Untrusted-Data-Vulnerability"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Patch",
        "Vendor Advisory"
      ],
      "url": "https://www.dell.com/support/security/en-us/details/541677/DSA-2020-057-Dell-EMC-Avamar-Server-Deserialization-of-Untrusted-Data-Vulnerability"
    }
  ],
  "sourceIdentifier": "security_alert@emc.com",
  "vulnStatus": "Modified",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-502"
        }
      ],
      "source": "security_alert@emc.com",
      "type": "Secondary"
    },
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-502"
        }
      ],
      "source": "nvd@nist.gov",
      "type": "Primary"
    }
  ]
}


Log in or create an account to share your comment.




Tags
Taxonomy of the tags.




Sightings

Author Source Type Date

Nomenclature

  • Seen: The vulnerability was mentioned, discussed, or seen somewhere by the user.
  • Confirmed: The vulnerability is confirmed from an analyst perspective.
  • Exploited: This vulnerability was exploited and seen by the user reporting the sighting.
  • Patched: This vulnerability was successfully patched by the user reporting the sighting.
  • Not exploited: This vulnerability was not exploited or seen by the user reporting the sighting.
  • Not confirmed: The user expresses doubt about the veracity of the vulnerability.
  • Not patched: This vulnerability was not successfully patched by the user reporting the sighting.