CVE-2019-18581

EPSS 2.2%
Veröffentlicht 18.03.2020 19:15:16
Zuletzt bearbeitet 21.11.2024 04:33:20
Quelle security_alert@emc.com
Teams Watchlist Login
Unerledigt Login

Dell EMC Data Protection Advisor versions 6.3, 6.4, 6.5, 18.2 versions prior to patch 83, and 19.1 versions prior to patch 71 contain a server missing authorization vulnerability in the REST API. A remote authenticated malicious user with administrative privileges may potentially exploit this vulnerability to alter the application’s allowable list of OS commands. This may lead to arbitrary OS command execution as the regular user runs the DPA service on the affected system.

Betroffene Produkte Warnungen 0 Metriken 4 CWE 1 Referenzen 4

Daten sind bereitgestellt durch National Vulnerability Database (NVD)

Dell ≫ Emc Data Protection Advisor Version6.3

Dell ≫ Emc Data Protection Advisor Version6.4

Dell ≫ Emc Data Protection Advisor Version6.5

Dell ≫ Emc Data Protection Advisor Version18.1

Dell ≫ Emc Data Protection Advisor Version18.2 Update-

Dell ≫ Emc Data Protection Advisor Version19.1 Update-

Dell ≫ Emc Integrated Data Protection Appliance Firmware Version2.0

   Dell ≫ Emc Idpa Dp4400 Version-
   Dell ≫ Emc Idpa Dp5800 Version-
   Dell ≫ Emc Idpa Dp8300 Version-
   Dell ≫ Emc Idpa Dp8800 Version-

Dell ≫ Emc Integrated Data Protection Appliance Firmware Version2.1

   Dell ≫ Emc Idpa Dp4400 Version-
   Dell ≫ Emc Idpa Dp5800 Version-
   Dell ≫ Emc Idpa Dp8300 Version-
   Dell ≫ Emc Idpa Dp8800 Version-

Dell ≫ Emc Integrated Data Protection Appliance Firmware Version2.2

   Dell ≫ Emc Idpa Dp4400 Version-
   Dell ≫ Emc Idpa Dp5800 Version-
   Dell ≫ Emc Idpa Dp8300 Version-
   Dell ≫ Emc Idpa Dp8800 Version-

Dell ≫ Emc Integrated Data Protection Appliance Firmware Version2.3

   Dell ≫ Emc Idpa Dp4400 Version-
   Dell ≫ Emc Idpa Dp5800 Version-
   Dell ≫ Emc Idpa Dp8300 Version-
   Dell ≫ Emc Idpa Dp8800 Version-

Dell ≫ Emc Integrated Data Protection Appliance Firmware Version2.4

   Dell ≫ Emc Idpa Dp4400 Version-
   Dell ≫ Emc Idpa Dp5800 Version-
   Dell ≫ Emc Idpa Dp8300 Version-
   Dell ≫ Emc Idpa Dp8800 Version-

Zu dieser CVE wurde keine CISA KEV oder CERT.AT-Warnung gefunden.

EPSS Metriken
Typ	Quelle	Score	Percentile
EPSS	FIRST.org	2.2%	0.838

CVSS Metriken
Quelle	Base Score	Exploit Score	Impact Score	Vector String
nvd@nist.gov	7.2	1.2	5.9	CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H
nvd@nist.gov	9	8	10	AV:N/AC:L/Au:S/C:C/I:C/A:C
security_alert@emc.com	9.1	2.3	6	CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:H

CWE-862 Missing Authorization

The product does not perform an authorization check when an actor attempts to access a resource or perform an action.

https://www.dell.com/support/security/en-us/details/539430/DSA-2019-155-Dell-EMC-Data-Protection-Advisor-Security-Update-for-Multiple-Vulnerabilities

Vendor Advisory

https://nvd.nist.gov/vuln/detail/CVE-2019-18581

CVE Source (NVD)

https://cveawg.mitre.org/api/cve/CVE-2019-18581

CVE Source (JSON)

https://euvd.enisa.europa.eu/vulnerability/CVE-2019-18581

EUVD