CVE-2019-18581

EPSS 2.2%
Published 18.03.2020 19:15:16
Last modified 21.11.2024 04:33:20
Source security_alert@emc.com
Teams watchlist Login
Open Login

Dell EMC Data Protection Advisor versions 6.3, 6.4, 6.5, 18.2 versions prior to patch 83, and 19.1 versions prior to patch 71 contain a server missing authorization vulnerability in the REST API. A remote authenticated malicious user with administrative privileges may potentially exploit this vulnerability to alter the application’s allowable list of OS commands. This may lead to arbitrary OS command execution as the regular user runs the DPA service on the affected system.

Affected products Warnungen 0 Metrics 4 CWE 1 References 4

Data is provided by the National Vulnerability Database (NVD)

Dell ≫ Emc Data Protection Advisor Version6.3

Dell ≫ Emc Data Protection Advisor Version6.4

Dell ≫ Emc Data Protection Advisor Version6.5

Dell ≫ Emc Data Protection Advisor Version18.1

Dell ≫ Emc Data Protection Advisor Version18.2 Update-

Dell ≫ Emc Data Protection Advisor Version19.1 Update-

Dell ≫ Emc Integrated Data Protection Appliance Firmware Version2.0

   Dell ≫ Emc Idpa Dp4400 Version-
   Dell ≫ Emc Idpa Dp5800 Version-
   Dell ≫ Emc Idpa Dp8300 Version-
   Dell ≫ Emc Idpa Dp8800 Version-

Dell ≫ Emc Integrated Data Protection Appliance Firmware Version2.1

   Dell ≫ Emc Idpa Dp4400 Version-
   Dell ≫ Emc Idpa Dp5800 Version-
   Dell ≫ Emc Idpa Dp8300 Version-
   Dell ≫ Emc Idpa Dp8800 Version-

Dell ≫ Emc Integrated Data Protection Appliance Firmware Version2.2

   Dell ≫ Emc Idpa Dp4400 Version-
   Dell ≫ Emc Idpa Dp5800 Version-
   Dell ≫ Emc Idpa Dp8300 Version-
   Dell ≫ Emc Idpa Dp8800 Version-

Dell ≫ Emc Integrated Data Protection Appliance Firmware Version2.3

   Dell ≫ Emc Idpa Dp4400 Version-
   Dell ≫ Emc Idpa Dp5800 Version-
   Dell ≫ Emc Idpa Dp8300 Version-
   Dell ≫ Emc Idpa Dp8800 Version-

Dell ≫ Emc Integrated Data Protection Appliance Firmware Version2.4

   Dell ≫ Emc Idpa Dp4400 Version-
   Dell ≫ Emc Idpa Dp5800 Version-
   Dell ≫ Emc Idpa Dp8300 Version-
   Dell ≫ Emc Idpa Dp8800 Version-

Zu dieser CVE wurde keine CISA KEV oder CERT.AT-Warnung gefunden.

EPSS Metriken
Type	Source	Score	Percentile
EPSS	FIRST.org	2.2%	0.838

CVSS Metriken
Source	Base Score	Exploit Score	Impact Score	Vector string
nvd@nist.gov	7.2	1.2	5.9	CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H
nvd@nist.gov	9	8	10	AV:N/AC:L/Au:S/C:C/I:C/A:C
security_alert@emc.com	9.1	2.3	6	CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:H

CWE-862 Missing Authorization

The product does not perform an authorization check when an actor attempts to access a resource or perform an action.

https://www.dell.com/support/security/en-us/details/539430/DSA-2019-155-Dell-EMC-Data-Protection-Advisor-Security-Update-for-Multiple-Vulnerabilities

Vendor Advisory

https://nvd.nist.gov/vuln/detail/CVE-2019-18581

CVE Source (NVD)

https://cveawg.mitre.org/api/cve/CVE-2019-18581

CVE Source (JSON)

https://euvd.enisa.europa.eu/vulnerability/CVE-2019-18581

EUVD