cnvd - cnvd-2020-22965

CNVD-2020-22965

Vulnerability from cnvd - Published: 2020-04-15

Title

Dell EMC Networking X-Series、Dell EMC Networking PC5500和Dell EMC PowerEdge VRTX Switch Modules信息泄露漏洞

Description

Dell EMC Networking X-Series等都是美国戴尔（Dell）公司的产品。Dell EMC Networking X-Series是一款X系列以太网交换机。Dell EMC Networking PC5500是一款PC5500系列以太网交换机。Dell EMC PowerEdge VRTX Switch Modules是一款交换机模块。使用3.0.1.2及之前版本固件的Dell EMC Networking X-Series、使用4.1.0.22及之前版本固件Dell EMC Networking PC5500和使用2.0.0.77及之前版本固件的Dell EMC PowerEdge VRTX Switch Modules中存在信息泄露漏洞。远程攻击者可通过向受影响的端点发送特制的请求利用该漏洞检索敏感信息。

Severity

高

Patch Name

Dell EMC Networking X-Series、Dell EMC Networking PC5500和Dell EMC PowerEdge VRTX Switch Modules信息泄露漏洞的补丁

Patch Description

Formal description

目前厂商已发布升级补丁以修复漏洞，补丁获取链接： https://www.dell.com/support/article/en-us/sln320366/dsa-2020-042-dell-networking-security-update-for-an-information-disclosure-vulnerability?lang=en

Impacted products

Name
['Dell EMC Networking X-Series <=3.0.1.2', 'Dell EMC Networking PC5500 <=4.1.0.22', 'Dell EMC PowerEdge VRTX Switch Modules <=2.0.0.77']

Show details on source website

JSON

To clipboard

{
  "cves": {
    "cve": {
      "cveNumber": "CVE-2020-5330"
    }
  },
  "description": "Dell EMC Networking X-Series\u7b49\u90fd\u662f\u7f8e\u56fd\u6234\u5c14\uff08Dell\uff09\u516c\u53f8\u7684\u4ea7\u54c1\u3002Dell EMC Networking X-Series\u662f\u4e00\u6b3eX\u7cfb\u5217\u4ee5\u592a\u7f51\u4ea4\u6362\u673a\u3002Dell EMC Networking PC5500\u662f\u4e00\u6b3ePC5500\u7cfb\u5217\u4ee5\u592a\u7f51\u4ea4\u6362\u673a\u3002Dell EMC PowerEdge VRTX Switch Modules\u662f\u4e00\u6b3e\u4ea4\u6362\u673a\u6a21\u5757\u3002\n\n\u4f7f\u75283.0.1.2\u53ca\u4e4b\u524d\u7248\u672c\u56fa\u4ef6\u7684Dell EMC Networking X-Series\u3001\u4f7f\u75284.1.0.22\u53ca\u4e4b\u524d\u7248\u672c\u56fa\u4ef6Dell EMC Networking PC5500\u548c\u4f7f\u75282.0.0.77\u53ca\u4e4b\u524d\u7248\u672c\u56fa\u4ef6\u7684Dell EMC PowerEdge VRTX Switch Modules\u4e2d\u5b58\u5728\u4fe1\u606f\u6cc4\u9732\u6f0f\u6d1e\u3002\u8fdc\u7a0b\u653b\u51fb\u8005\u53ef\u901a\u8fc7\u5411\u53d7\u5f71\u54cd\u7684\u7aef\u70b9\u53d1\u9001\u7279\u5236\u7684\u8bf7\u6c42\u5229\u7528\u8be5\u6f0f\u6d1e\u68c0\u7d22\u654f\u611f\u4fe1\u606f\u3002",
  "formalWay": "\u76ee\u524d\u5382\u5546\u5df2\u53d1\u5e03\u5347\u7ea7\u8865\u4e01\u4ee5\u4fee\u590d\u6f0f\u6d1e\uff0c\u8865\u4e01\u83b7\u53d6\u94fe\u63a5\uff1a\r\nhttps://www.dell.com/support/article/en-us/sln320366/dsa-2020-042-dell-networking-security-update-for-an-information-disclosure-vulnerability?lang=en",
  "isEvent": "\u901a\u7528\u8f6f\u786c\u4ef6\u6f0f\u6d1e",
  "number": "CNVD-2020-22965",
  "openTime": "2020-04-15",
  "patchDescription": "Dell EMC Networking X-Series\u7b49\u90fd\u662f\u7f8e\u56fd\u6234\u5c14\uff08Dell\uff09\u516c\u53f8\u7684\u4ea7\u54c1\u3002Dell EMC Networking X-Series\u662f\u4e00\u6b3eX\u7cfb\u5217\u4ee5\u592a\u7f51\u4ea4\u6362\u673a\u3002Dell EMC Networking PC5500\u662f\u4e00\u6b3ePC5500\u7cfb\u5217\u4ee5\u592a\u7f51\u4ea4\u6362\u673a\u3002Dell EMC PowerEdge VRTX Switch Modules\u662f\u4e00\u6b3e\u4ea4\u6362\u673a\u6a21\u5757\u3002\r\n\r\n\u4f7f\u75283.0.1.2\u53ca\u4e4b\u524d\u7248\u672c\u56fa\u4ef6\u7684Dell EMC Networking X-Series\u3001\u4f7f\u75284.1.0.22\u53ca\u4e4b\u524d\u7248\u672c\u56fa\u4ef6Dell EMC Networking PC5500\u548c\u4f7f\u75282.0.0.77\u53ca\u4e4b\u524d\u7248\u672c\u56fa\u4ef6\u7684Dell EMC PowerEdge VRTX Switch Modules\u4e2d\u5b58\u5728\u4fe1\u606f\u6cc4\u9732\u6f0f\u6d1e\u3002\u8fdc\u7a0b\u653b\u51fb\u8005\u53ef\u901a\u8fc7\u5411\u53d7\u5f71\u54cd\u7684\u7aef\u70b9\u53d1\u9001\u7279\u5236\u7684\u8bf7\u6c42\u5229\u7528\u8be5\u6f0f\u6d1e\u68c0\u7d22\u654f\u611f\u4fe1\u606f\u3002\u76ee\u524d\uff0c\u4f9b\u5e94\u5546\u53d1\u5e03\u4e86\u5b89\u5168\u516c\u544a\u53ca\u76f8\u5173\u8865\u4e01\u4fe1\u606f\uff0c\u4fee\u590d\u4e86\u6b64\u6f0f\u6d1e\u3002",
  "patchName": "Dell EMC Networking X-Series\u3001Dell EMC Networking PC5500\u548cDell EMC PowerEdge VRTX Switch Modules\u4fe1\u606f\u6cc4\u9732\u6f0f\u6d1e\u7684\u8865\u4e01",
  "products": {
    "product": [
      "Dell EMC Networking X-Series \u003c=3.0.1.2",
      "Dell EMC Networking PC5500 \u003c=4.1.0.22",
      "Dell EMC PowerEdge VRTX Switch Modules \u003c=2.0.0.77"
    ]
  },
  "serverity": "\u9ad8",
  "submitTime": "2020-04-13",
  "title": "Dell EMC Networking X-Series\u3001Dell EMC Networking PC5500\u548cDell EMC PowerEdge VRTX Switch Modules\u4fe1\u606f\u6cc4\u9732\u6f0f\u6d1e"
}

CVE-2020-5330 (GCVE-0-2020-5330)

Vulnerability from cvelistv5 – Published: 2020-04-10 18:55 – Updated: 2024-09-16 20:16

Summary

Dell EMC Networking X-Series firmware versions 3.0.1.2 and older, Dell EMC Networking PC5500 firmware versions 4.1.0.22 and older and Dell EMC PowerEdge VRTX Switch Modules firmware versions 2.0.0.77 and older contain an information disclosure vulnerability. A remote unauthenticated attacker could exploit this vulnerability to retrieve sensitive data by sending a specially crafted request to the affected endpoints.

Severity ?

8.1 (High)


                        
                          CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H

CWE

CWE-200 - Exposure of Sensitive Information to an Unauthorized Actor

Assigner

dell

References

URL

Tags

	https://www.dell.com/support/article/en-us/sln320…
	http://packetstormsecurity.com/files/171723/Cisco…

Impacted products

	Vendor	Product	Version
	Dell	Dell PowerConnect	Affected: unspecified , < X series 3.0.1.2 and older, PC5500 fw versions 4.1.0.22 and older (custom)

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-04T08:22:09.254Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://www.dell.com/support/article/en-us/sln320366/dsa-2020-042-dell-emc-networking-security-update-for-an-information-disclosure-vulnerability?lang=en"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "http://packetstormsecurity.com/files/171723/Cisco-Dell-Netgear-Information-Disclosure-Hash-Decrypter.html"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "Dell PowerConnect",
          "vendor": "Dell",
          "versions": [
            {
              "lessThan": "X series 3.0.1.2 and older, PC5500 fw versions 4.1.0.22 and older",
              "status": "affected",
              "version": "unspecified",
              "versionType": "custom"
            }
          ]
        }
      ],
      "datePublic": "2020-04-08T00:00:00",
      "descriptions": [
        {
          "lang": "en",
          "value": "Dell EMC Networking X-Series firmware versions 3.0.1.2 and older, Dell EMC Networking PC5500 firmware versions 4.1.0.22 and older and Dell EMC PowerEdge VRTX Switch Modules firmware versions 2.0.0.77 and older contain an information disclosure vulnerability. A remote unauthenticated attacker could exploit this vulnerability to retrieve sensitive data by sending a specially crafted request to the affected endpoints."
        }
      ],
      "metrics": [
        {
          "cvssV3_1": {
            "attackComplexity": "HIGH",
            "attackVector": "NETWORK",
            "availabilityImpact": "HIGH",
            "baseScore": 8.1,
            "baseSeverity": "HIGH",
            "confidentialityImpact": "HIGH",
            "integrityImpact": "HIGH",
            "privilegesRequired": "NONE",
            "scope": "UNCHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H",
            "version": "3.1"
          }
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-200",
              "description": "CWE-200: Exposure of Sensitive Information to an Unauthorized Actor",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2023-04-06T00:00:00",
        "orgId": "c550e75a-17ff-4988-97f0-544cde3820fe",
        "shortName": "dell"
      },
      "references": [
        {
          "url": "https://www.dell.com/support/article/en-us/sln320366/dsa-2020-042-dell-emc-networking-security-update-for-an-information-disclosure-vulnerability?lang=en"
        },
        {
          "url": "http://packetstormsecurity.com/files/171723/Cisco-Dell-Netgear-Information-Disclosure-Hash-Decrypter.html"
        }
      ]
    }
  },
  "cveMetadata": {
    "assignerOrgId": "c550e75a-17ff-4988-97f0-544cde3820fe",
    "assignerShortName": "dell",
    "cveId": "CVE-2020-5330",
    "datePublished": "2020-04-10T18:55:11.617623Z",
    "dateReserved": "2020-01-03T00:00:00",
    "dateUpdated": "2024-09-16T20:16:29.129Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

Sightings

Author	Source	Type	Date

Nomenclature

Seen: The vulnerability was mentioned, discussed, or observed by the user.
Confirmed: The vulnerability has been validated from an analyst's perspective.
Published Proof of Concept: A public proof of concept is available for this vulnerability.
Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
Not confirmed: The user expressed doubt about the validity of the vulnerability.
Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.

Detection rules are retrieved from Rulezet.

Action not permitted

CNVD-2020-22965

CVE-2020-5330 (GCVE-0-2020-5330)

Tags

Sightings

Nomenclature