CVSS: 7.5EPSS: 0%CPEs: 3EXPL: 0CVE-2020-29490
https://notcve.org/view.php?id=CVE-2020-29490
Dell EMC Unity, Unity XT, and UnityVSA versions prior to 5.0.4.0.5.012 contain a Denial of Service vulnerability on NAS Servers with NFS exports. A remote authenticated attacker could potentially exploit this vulnerability and cause Denial of Service (Storage Processor Panic) by sending specially crafted UDP requests. Las versiones de Dell EMC Unity, Unity XT y UnityVSA versiones anteriores a 5.0.4.0.5.012, contienen una vulnerabilidad de Denegación de Servicio en Servidores NAS con exportaciones NFS. Un atacante autenticado remoto podría potencialmente explotar esta vulnerabilidad y causar una Denegación de Servicio (Pánico en el Procesador de Almacenamiento) mediante el envío de peticiones UDP especialmente diseñadas • https://www.dell.com/support/kbdoc/000181248 • CWE-400: Uncontrolled Resource Consumption •
CVSS: 6.7EPSS: 0%CPEs: 3EXPL: 0CVE-2020-29489
https://notcve.org/view.php?id=CVE-2020-29489
Dell EMC Unity, Unity XT, and UnityVSA versions prior to 5.0.4.0.5.012 contains a plain-text password storage vulnerability. A user credentials (including the Unisphere admin privilege user) password is stored in a plain text in a system file. A local authenticated attacker with access to the system files may use the exposed password to gain access with the privileges of the compromised user. Dell EMC Unity, Unity XT y UnityVSA versiones anteriores a 5.0.4.0.5.012, contienen una vulnerabilidad de almacenamiento de contraseña de texto plano. Una contraseña de credenciales de usuario (incluyendo privilegios de usuario administrador Unisphere) es almacenada en texto plano en un archivo del sistema. • https://www.dell.com/support/kbdoc/000181248 • CWE-276: Incorrect Default Permissions CWE-312: Cleartext Storage of Sensitive Information •
CVSS: 6.7EPSS: 0%CPEs: 3EXPL: 0CVE-2020-26199
https://notcve.org/view.php?id=CVE-2020-26199
Dell EMC Unity, Unity XT, and UnityVSA versions prior to 5.0.4.0.5.012 contain a plain-text password storage vulnerability. A user credentials (including the Unisphere admin privilege user) password is stored in a plain text in multiple log files. A local authenticated attacker with access to the log files may use the exposed password to gain access with the privileges of the compromised user. Dell EMC Unity, Unity XT y UnityVSA versiones anteriores a 5.0.4.0.5.012, contienen una vulnerabilidad de almacenamiento de contraseña de texto plano. Una contraseña de las credenciales de usuario (incluyendo privilegios de usuario administrador Unisphere) es almacenada en texto plano en múltiples archivos de registro. • https://www.dell.com/support/kbdoc/000181248 • CWE-532: Insertion of Sensitive Information into Log File •
CVSS: 7.8EPSS: 0%CPEs: 2EXPL: 0CVE-2020-26181
https://notcve.org/view.php?id=CVE-2020-26181
Dell EMC Isilon OneFS versions 8.1 and later and Dell EMC PowerScale OneFS version 9.0.0 contain a privilege escalation vulnerability on a SmartLock Compliance mode cluster. The compadmin user connecting using ISI PRIV LOGIN SSH or ISI PRIV LOGIN CONSOLE can elevate privileges to the root user if they have ISI PRIV HARDENING privileges. Dell EMC Isilon OneFS versiones 8.1 y posteriores y Dell EMC PowerScale OneFS versión 9.0.0, contienen una vulnerabilidad de escalamiento de privilegios en un clúster de modo SmartLock Compliance. El usuario compadmin que se conecta usando ISI PRIV LOGIN SSH o ISI PRIV LOGIN CONSOLE puede elevar los privilegios al usuario root si tiene privilegios ISI PRIV HARDENING • https://www.dell.com/support/security/en-us/details/546720/DSA-2020-227-Dell-EMC-PowerScale-OneFS-and-Dell-EMC-Isilon-OneFS-Security-Update-for-SmartLock-Co • CWE-269: Improper Privilege Management •
CVSS: 7.6EPSS: 0%CPEs: 1EXPL: 0CVE-2020-5361
https://notcve.org/view.php?id=CVE-2020-5361
Select Dell Client Commercial and Consumer platforms support a BIOS password reset capability that is designed to assist authorized customers who forget their passwords. Dell is aware of unauthorized password generation tools that can generate BIOS recovery passwords. The tools, which are not authorized by Dell, can be used by a physically present attacker to reset BIOS passwords and BIOS-managed Hard Disk Drive (HDD) passwords. An unauthenticated attacker with physical access to the system could potentially exploit this vulnerability to bypass security restrictions for BIOS Setup configuration, HDD access and BIOS pre-boot authentication. Plataformas Select Dell Client Commercial and Consumer, admiten una capacidad de restablecimiento de contraseña del BIOS que ha sido diseñada para ayudar a clientes autorizados que olvidan sus contraseñas. • https://www.dell.com/support/kbdoc/en-us/000180741/dsa-2020-119-dell-client-products-unauthorized-bios-password-reset-tool-vulnerability • CWE-640: Weak Password Recovery Mechanism for Forgotten Password •