CVE-2020-5350 HIGH

CVE-2020-5350

Vendor Dell
Product Integrated Data Protection Appliance
Weakness CWE-78
Published April 15, 2020
Last update September 16, 2024

CVSS base score

7.9/10
Attack vector Network
Attack complexity High
Privileges required High
User interaction None
Confidentiality High
Integrity Low

CVSS vector

CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:C/C:H/I:L/A:H

What the vulnerability does

01Description

Dell EMC Integrated Data Protection Appliance versions 2.0, 2.1, 2.2, 2.3, 2.4 contain a command injection vulnerability in the ACM component. A remote authenticated malicious user with root privileges could inject parameters in the ACM component APIs that could lead to manipulation of passwords and execution of malicious commands on ACM component.

Key dates

02Disclosure timeline

April 15, 2020 CVE published
September 16, 2024 Record updated