cvelistv5 - cve-2019-3741

CVE-2019-3741 (GCVE-0-2019-3741)

Vulnerability from cvelistv5 – Published: 2019-07-18 15:47 – Updated: 2024-09-16 19:29

Summary

Severity ?

7.8 (High)


                        
                          CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

CWE

Plain-text Password Storage Vulnerability

Assigner

dell

References

URL

Tags

https://productsecurity-ux.ausmp1z1.pcf.dell.com/…

x_refsource_MISC

Impacted products

	Vendor	Product	Version
	DELL EMC	Unity	Affected: 5.0 , < 5.0.0.0.5.116 (custom)

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-04T19:19:18.340Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://productsecurity-ux.ausmp1z1.pcf.dell.com/support/security/us/en/04/details/535028/DSA-2019-086-Dell-EMC-Unity-Family-Multiple-Vulnerabilities"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "Unity",
          "vendor": "DELL EMC",
          "versions": [
            {
              "lessThan": "5.0.0.0.5.116",
              "status": "affected",
              "version": "5.0",
              "versionType": "custom"
            }
          ]
        }
      ],
      "datePublic": "2019-06-27T00:00:00",
      "descriptions": [
        {
          "lang": "en",
          "value": "Dell EMC Unity and UnityVSA versions prior to 5.0.0.0.5.116 contain a plain-text password storage vulnerability. A Unisphere user\u2019s (including the admin privilege user) password is stored in a plain text in Unity Data Collection bundle (logs files for troubleshooting). A local authenticated attacker with access to the Data Collection bundle may use the exposed password to gain access with the privileges of the compromised user."
        }
      ],
      "metrics": [
        {
          "cvssV3_0": {
            "attackComplexity": "LOW",
            "attackVector": "LOCAL",
            "availabilityImpact": "HIGH",
            "baseScore": 7.8,
            "baseSeverity": "HIGH",
            "confidentialityImpact": "HIGH",
            "integrityImpact": "HIGH",
            "privilegesRequired": "LOW",
            "scope": "UNCHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
            "version": "3.0"
          }
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "Plain-text Password Storage Vulnerability",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2019-07-18T15:47:00",
        "orgId": "c550e75a-17ff-4988-97f0-544cde3820fe",
        "shortName": "dell"
      },
      "references": [
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://productsecurity-ux.ausmp1z1.pcf.dell.com/support/security/us/en/04/details/535028/DSA-2019-086-Dell-EMC-Unity-Family-Multiple-Vulnerabilities"
        }
      ],
      "source": {
        "discovery": "UNKNOWN"
      },
      "x_generator": {
        "engine": "Vulnogram 0.0.7"
      },
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "secure@dell.com",
          "DATE_PUBLIC": "2019-06-27T16:00:00.000Z",
          "ID": "CVE-2019-3741",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "Unity",
                      "version": {
                        "version_data": [
                          {
                            "version_affected": "\u003c",
                            "version_name": "5.0",
                            "version_value": "5.0.0.0.5.116"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "DELL EMC"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "Dell EMC Unity and UnityVSA versions prior to 5.0.0.0.5.116 contain a plain-text password storage vulnerability. A Unisphere user\u2019s (including the admin privilege user) password is stored in a plain text in Unity Data Collection bundle (logs files for troubleshooting). A local authenticated attacker with access to the Data Collection bundle may use the exposed password to gain access with the privileges of the compromised user."
            }
          ]
        },
        "generator": {
          "engine": "Vulnogram 0.0.7"
        },
        "impact": {
          "cvss": {
            "attackComplexity": "LOW",
            "attackVector": "LOCAL",
            "availabilityImpact": "HIGH",
            "baseScore": 7.8,
            "baseSeverity": "HIGH",
            "confidentialityImpact": "HIGH",
            "integrityImpact": "HIGH",
            "privilegesRequired": "LOW",
            "scope": "UNCHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
            "version": "3.0"
          }
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "Plain-text Password Storage Vulnerability"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "https://productsecurity-ux.ausmp1z1.pcf.dell.com/support/security/us/en/04/details/535028/DSA-2019-086-Dell-EMC-Unity-Family-Multiple-Vulnerabilities",
              "refsource": "MISC",
              "url": "https://productsecurity-ux.ausmp1z1.pcf.dell.com/support/security/us/en/04/details/535028/DSA-2019-086-Dell-EMC-Unity-Family-Multiple-Vulnerabilities"
            }
          ]
        },
        "source": {
          "discovery": "UNKNOWN"
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "c550e75a-17ff-4988-97f0-544cde3820fe",
    "assignerShortName": "dell",
    "cveId": "CVE-2019-3741",
    "datePublished": "2019-07-18T15:47:00.171821Z",
    "dateReserved": "2019-01-03T00:00:00",
    "dateUpdated": "2024-09-16T19:29:55.995Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1",
  "vulnerability-lookup:meta": {
    "fkie_nvd": {
      "configurations": "[{\"nodes\": [{\"operator\": \"OR\", \"negate\": false, \"cpeMatch\": [{\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:dell:emc_unity_operating_environment:*:*:*:*:*:*:*:*\", \"versionEndExcluding\": \"5.0.0.0.5.116\", \"matchCriteriaId\": \"7091DD01-04E8-4560-BE2B-CC0F009C3D17\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:dell:emc_unityvsa_operating_environment:*:*:*:*:*:*:*:*\", \"versionEndExcluding\": \"5.0.0.0.5.116\", \"matchCriteriaId\": \"DAC14A15-77F9-4E6F-B900-6D3FBA241999\"}]}]}]",
      "descriptions": "[{\"lang\": \"en\", \"value\": \"Dell EMC Unity and UnityVSA versions prior to 5.0.0.0.5.116 contain a plain-text password storage vulnerability. A Unisphere user\\u2019s (including the admin privilege user) password is stored in a plain text in Unity Data Collection bundle (logs files for troubleshooting). A local authenticated attacker with access to the Data Collection bundle may use the exposed password to gain access with the privileges of the compromised user.\"}, {\"lang\": \"es\", \"value\": \"Las versiones de Dell EMC Unity y UnityVSA anteriores a la versi\\u00f3n 5.0.0.0.5.116 contienen una vulnerabilidad de almacenamiento de contrase\\u00f1a de texto sin formato. La contrase\\u00f1a de un usuario de Unisphere (incluido el usuario con privilegios de administrador) se almacena en un texto sin formato en el paquete de Unity Data Collection (archivos de registro para la resoluci\\u00f3n de problemas). Un atacante autenticado local con acceso al paquete de recopilaci\\u00f3n de datos puede usar la contrase\\u00f1a expuesta para obtener acceso con los privilegios del usuario comprometido.\"}]",
      "id": "CVE-2019-3741",
      "lastModified": "2024-11-21T04:42:26.880",
      "metrics": "{\"cvssMetricV30\": [{\"source\": \"security_alert@emc.com\", \"type\": \"Secondary\", \"cvssData\": {\"version\": \"3.0\", \"vectorString\": \"CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H\", \"baseScore\": 7.8, \"baseSeverity\": \"HIGH\", \"attackVector\": \"LOCAL\", \"attackComplexity\": \"LOW\", \"privilegesRequired\": \"LOW\", \"userInteraction\": \"NONE\", \"scope\": \"UNCHANGED\", \"confidentialityImpact\": \"HIGH\", \"integrityImpact\": \"HIGH\", \"availabilityImpact\": \"HIGH\"}, \"exploitabilityScore\": 1.8, \"impactScore\": 5.9}, {\"source\": \"nvd@nist.gov\", \"type\": \"Primary\", \"cvssData\": {\"version\": \"3.0\", \"vectorString\": \"CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H\", \"baseScore\": 7.8, \"baseSeverity\": \"HIGH\", \"attackVector\": \"LOCAL\", \"attackComplexity\": \"LOW\", \"privilegesRequired\": \"LOW\", \"userInteraction\": \"NONE\", \"scope\": \"UNCHANGED\", \"confidentialityImpact\": \"HIGH\", \"integrityImpact\": \"HIGH\", \"availabilityImpact\": \"HIGH\"}, \"exploitabilityScore\": 1.8, \"impactScore\": 5.9}], \"cvssMetricV2\": [{\"source\": \"nvd@nist.gov\", \"type\": \"Primary\", \"cvssData\": {\"version\": \"2.0\", \"vectorString\": \"AV:L/AC:L/Au:N/C:P/I:N/A:N\", \"baseScore\": 2.1, \"accessVector\": \"LOCAL\", \"accessComplexity\": \"LOW\", \"authentication\": \"NONE\", \"confidentialityImpact\": \"PARTIAL\", \"integrityImpact\": \"NONE\", \"availabilityImpact\": \"NONE\"}, \"baseSeverity\": \"LOW\", \"exploitabilityScore\": 3.9, \"impactScore\": 2.9, \"acInsufInfo\": false, \"obtainAllPrivilege\": false, \"obtainUserPrivilege\": false, \"obtainOtherPrivilege\": false, \"userInteractionRequired\": false}]}",
      "published": "2019-07-18T16:15:12.470",
      "references": "[{\"url\": \"https://productsecurity-ux.ausmp1z1.pcf.dell.com/support/security/us/en/04/details/535028/DSA-2019-086-Dell-EMC-Unity-Family-Multiple-Vulnerabilities\", \"source\": \"security_alert@emc.com\", \"tags\": [\"Broken Link\", \"Vendor Advisory\"]}, {\"url\": \"https://productsecurity-ux.ausmp1z1.pcf.dell.com/support/security/us/en/04/details/535028/DSA-2019-086-Dell-EMC-Unity-Family-Multiple-Vulnerabilities\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\", \"tags\": [\"Broken Link\", \"Vendor Advisory\"]}]",
      "sourceIdentifier": "security_alert@emc.com",
      "vulnStatus": "Modified",
      "weaknesses": "[{\"source\": \"nvd@nist.gov\", \"type\": \"Primary\", \"description\": [{\"lang\": \"en\", \"value\": \"CWE-693\"}]}]"
    },
    "nvd": "{\"cve\":{\"id\":\"CVE-2019-3741\",\"sourceIdentifier\":\"security_alert@emc.com\",\"published\":\"2019-07-18T16:15:12.470\",\"lastModified\":\"2024-11-21T04:42:26.880\",\"vulnStatus\":\"Modified\",\"cveTags\":[],\"descriptions\":[{\"lang\":\"en\",\"value\":\"Dell EMC Unity and UnityVSA versions prior to 5.0.0.0.5.116 contain a plain-text password storage vulnerability. A Unisphere user\u2019s (including the admin privilege user) password is stored in a plain text in Unity Data Collection bundle (logs files for troubleshooting). A local authenticated attacker with access to the Data Collection bundle may use the exposed password to gain access with the privileges of the compromised user.\"},{\"lang\":\"es\",\"value\":\"Las versiones de Dell EMC Unity y UnityVSA anteriores a la versi\u00f3n 5.0.0.0.5.116 contienen una vulnerabilidad de almacenamiento de contrase\u00f1a de texto sin formato. La contrase\u00f1a de un usuario de Unisphere (incluido el usuario con privilegios de administrador) se almacena en un texto sin formato en el paquete de Unity Data Collection (archivos de registro para la resoluci\u00f3n de problemas). Un atacante autenticado local con acceso al paquete de recopilaci\u00f3n de datos puede usar la contrase\u00f1a expuesta para obtener acceso con los privilegios del usuario comprometido.\"}],\"metrics\":{\"cvssMetricV30\":[{\"source\":\"security_alert@emc.com\",\"type\":\"Secondary\",\"cvssData\":{\"version\":\"3.0\",\"vectorString\":\"CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H\",\"baseScore\":7.8,\"baseSeverity\":\"HIGH\",\"attackVector\":\"LOCAL\",\"attackComplexity\":\"LOW\",\"privilegesRequired\":\"LOW\",\"userInteraction\":\"NONE\",\"scope\":\"UNCHANGED\",\"confidentialityImpact\":\"HIGH\",\"integrityImpact\":\"HIGH\",\"availabilityImpact\":\"HIGH\"},\"exploitabilityScore\":1.8,\"impactScore\":5.9},{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"cvssData\":{\"version\":\"3.0\",\"vectorString\":\"CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H\",\"baseScore\":7.8,\"baseSeverity\":\"HIGH\",\"attackVector\":\"LOCAL\",\"attackComplexity\":\"LOW\",\"privilegesRequired\":\"LOW\",\"userInteraction\":\"NONE\",\"scope\":\"UNCHANGED\",\"confidentialityImpact\":\"HIGH\",\"integrityImpact\":\"HIGH\",\"availabilityImpact\":\"HIGH\"},\"exploitabilityScore\":1.8,\"impactScore\":5.9}],\"cvssMetricV2\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"cvssData\":{\"version\":\"2.0\",\"vectorString\":\"AV:L/AC:L/Au:N/C:P/I:N/A:N\",\"baseScore\":2.1,\"accessVector\":\"LOCAL\",\"accessComplexity\":\"LOW\",\"authentication\":\"NONE\",\"confidentialityImpact\":\"PARTIAL\",\"integrityImpact\":\"NONE\",\"availabilityImpact\":\"NONE\"},\"baseSeverity\":\"LOW\",\"exploitabilityScore\":3.9,\"impactScore\":2.9,\"acInsufInfo\":false,\"obtainAllPrivilege\":false,\"obtainUserPrivilege\":false,\"obtainOtherPrivilege\":false,\"userInteractionRequired\":false}]},\"weaknesses\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"description\":[{\"lang\":\"en\",\"value\":\"CWE-693\"}]}],\"configurations\":[{\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:dell:emc_unity_operating_environment:*:*:*:*:*:*:*:*\",\"versionEndExcluding\":\"5.0.0.0.5.116\",\"matchCriteriaId\":\"7091DD01-04E8-4560-BE2B-CC0F009C3D17\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:dell:emc_unityvsa_operating_environment:*:*:*:*:*:*:*:*\",\"versionEndExcluding\":\"5.0.0.0.5.116\",\"matchCriteriaId\":\"DAC14A15-77F9-4E6F-B900-6D3FBA241999\"}]}]}],\"references\":[{\"url\":\"https://productsecurity-ux.ausmp1z1.pcf.dell.com/support/security/us/en/04/details/535028/DSA-2019-086-Dell-EMC-Unity-Family-Multiple-Vulnerabilities\",\"source\":\"security_alert@emc.com\",\"tags\":[\"Broken Link\",\"Vendor Advisory\"]},{\"url\":\"https://productsecurity-ux.ausmp1z1.pcf.dell.com/support/security/us/en/04/details/535028/DSA-2019-086-Dell-EMC-Unity-Family-Multiple-Vulnerabilities\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Broken Link\",\"Vendor Advisory\"]}]}}"
  }
}

FKIE_CVE-2019-3741

Vulnerability from fkie_nvd - Published: 2019-07-18 16:15 - Updated: 2024-11-21 04:42

Severity ?

7.8 (High) - CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
7.8 (High) - CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Summary

References

	URL	Tags
	security_alert@emc.com	https://productsecurity-ux.ausmp1z1.pcf.dell.com/support/security/us/en/04/details/535028/DSA-2019-086-Dell-EMC-Unity-Family-Multiple-Vulnerabilities	Broken Link, Vendor Advisory
	af854a3a-2127-422b-91ae-364da2661108	https://productsecurity-ux.ausmp1z1.pcf.dell.com/support/security/us/en/04/details/535028/DSA-2019-086-Dell-EMC-Unity-Family-Multiple-Vulnerabilities	Broken Link, Vendor Advisory

Impacted products

	Vendor	Product	Version
	dell	emc_unity_operating_environment	*
	dell	emc_unityvsa_operating_environment	*

JSON

To clipboard

{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:dell:emc_unity_operating_environment:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "7091DD01-04E8-4560-BE2B-CC0F009C3D17",
              "versionEndExcluding": "5.0.0.0.5.116",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:dell:emc_unityvsa_operating_environment:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "DAC14A15-77F9-4E6F-B900-6D3FBA241999",
              "versionEndExcluding": "5.0.0.0.5.116",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "Dell EMC Unity and UnityVSA versions prior to 5.0.0.0.5.116 contain a plain-text password storage vulnerability. A Unisphere user\u2019s (including the admin privilege user) password is stored in a plain text in Unity Data Collection bundle (logs files for troubleshooting). A local authenticated attacker with access to the Data Collection bundle may use the exposed password to gain access with the privileges of the compromised user."
    },
    {
      "lang": "es",
      "value": "Las versiones de Dell EMC Unity y UnityVSA anteriores a la versi\u00f3n 5.0.0.0.5.116 contienen una vulnerabilidad de almacenamiento de contrase\u00f1a de texto sin formato. La contrase\u00f1a de un usuario de Unisphere (incluido el usuario con privilegios de administrador) se almacena en un texto sin formato en el paquete de Unity Data Collection (archivos de registro para la resoluci\u00f3n de problemas). Un atacante autenticado local con acceso al paquete de recopilaci\u00f3n de datos puede usar la contrase\u00f1a expuesta para obtener acceso con los privilegios del usuario comprometido."
    }
  ],
  "id": "CVE-2019-3741",
  "lastModified": "2024-11-21T04:42:26.880",
  "metrics": {
    "cvssMetricV2": [
      {
        "acInsufInfo": false,
        "baseSeverity": "LOW",
        "cvssData": {
          "accessComplexity": "LOW",
          "accessVector": "LOCAL",
          "authentication": "NONE",
          "availabilityImpact": "NONE",
          "baseScore": 2.1,
          "confidentialityImpact": "PARTIAL",
          "integrityImpact": "NONE",
          "vectorString": "AV:L/AC:L/Au:N/C:P/I:N/A:N",
          "version": "2.0"
        },
        "exploitabilityScore": 3.9,
        "impactScore": 2.9,
        "obtainAllPrivilege": false,
        "obtainOtherPrivilege": false,
        "obtainUserPrivilege": false,
        "source": "nvd@nist.gov",
        "type": "Primary",
        "userInteractionRequired": false
      }
    ],
    "cvssMetricV30": [
      {
        "cvssData": {
          "attackComplexity": "LOW",
          "attackVector": "LOCAL",
          "availabilityImpact": "HIGH",
          "baseScore": 7.8,
          "baseSeverity": "HIGH",
          "confidentialityImpact": "HIGH",
          "integrityImpact": "HIGH",
          "privilegesRequired": "LOW",
          "scope": "UNCHANGED",
          "userInteraction": "NONE",
          "vectorString": "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
          "version": "3.0"
        },
        "exploitabilityScore": 1.8,
        "impactScore": 5.9,
        "source": "security_alert@emc.com",
        "type": "Secondary"
      },
      {
        "cvssData": {
          "attackComplexity": "LOW",
          "attackVector": "LOCAL",
          "availabilityImpact": "HIGH",
          "baseScore": 7.8,
          "baseSeverity": "HIGH",
          "confidentialityImpact": "HIGH",
          "integrityImpact": "HIGH",
          "privilegesRequired": "LOW",
          "scope": "UNCHANGED",
          "userInteraction": "NONE",
          "vectorString": "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
          "version": "3.0"
        },
        "exploitabilityScore": 1.8,
        "impactScore": 5.9,
        "source": "nvd@nist.gov",
        "type": "Primary"
      }
    ]
  },
  "published": "2019-07-18T16:15:12.470",
  "references": [
    {
      "source": "security_alert@emc.com",
      "tags": [
        "Broken Link",
        "Vendor Advisory"
      ],
      "url": "https://productsecurity-ux.ausmp1z1.pcf.dell.com/support/security/us/en/04/details/535028/DSA-2019-086-Dell-EMC-Unity-Family-Multiple-Vulnerabilities"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Broken Link",
        "Vendor Advisory"
      ],
      "url": "https://productsecurity-ux.ausmp1z1.pcf.dell.com/support/security/us/en/04/details/535028/DSA-2019-086-Dell-EMC-Unity-Family-Multiple-Vulnerabilities"
    }
  ],
  "sourceIdentifier": "security_alert@emc.com",
  "vulnStatus": "Modified",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-693"
        }
      ],
      "source": "nvd@nist.gov",
      "type": "Primary"
    }
  ]
}

VAR-201907-0095

Vulnerability from variot - Updated: 2023-12-18 13:13

Dell EMC Unity and UnityVSA versions prior to 5.0.0.0.5.116 contain a plain-text password storage vulnerability. A Unisphere user’s (including the admin privilege user) password is stored in a plain text in Unity Data Collection bundle (logs files for troubleshooting). A local authenticated attacker with access to the Data Collection bundle may use the exposed password to gain access with the privileges of the compromised user. Dell EMC Unity and UnityVSA Contains a vulnerability related to failure of the protection mechanism.Information is obtained, information is altered, and service operation is disrupted (DoS) There is a possibility of being put into a state. An attacker may leverage these issues to bypass certain security restrictions and obtain sensitive information; this may aid in launching further attacks. UnityVSA is a virtual Unity storage environment

Show details on source website

JSON

To clipboard

{
  "@context": {
    "@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
    "affected_products": {
      "@id": "https://www.variotdbs.pl/ref/affected_products"
    },
    "configurations": {
      "@id": "https://www.variotdbs.pl/ref/configurations"
    },
    "credits": {
      "@id": "https://www.variotdbs.pl/ref/credits"
    },
    "cvss": {
      "@id": "https://www.variotdbs.pl/ref/cvss/"
    },
    "description": {
      "@id": "https://www.variotdbs.pl/ref/description/"
    },
    "exploit_availability": {
      "@id": "https://www.variotdbs.pl/ref/exploit_availability/"
    },
    "external_ids": {
      "@id": "https://www.variotdbs.pl/ref/external_ids/"
    },
    "iot": {
      "@id": "https://www.variotdbs.pl/ref/iot/"
    },
    "iot_taxonomy": {
      "@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
    },
    "patch": {
      "@id": "https://www.variotdbs.pl/ref/patch/"
    },
    "problemtype_data": {
      "@id": "https://www.variotdbs.pl/ref/problemtype_data/"
    },
    "references": {
      "@id": "https://www.variotdbs.pl/ref/references/"
    },
    "sources": {
      "@id": "https://www.variotdbs.pl/ref/sources/"
    },
    "sources_release_date": {
      "@id": "https://www.variotdbs.pl/ref/sources_release_date/"
    },
    "sources_update_date": {
      "@id": "https://www.variotdbs.pl/ref/sources_update_date/"
    },
    "threat_type": {
      "@id": "https://www.variotdbs.pl/ref/threat_type/"
    },
    "title": {
      "@id": "https://www.variotdbs.pl/ref/title/"
    },
    "type": {
      "@id": "https://www.variotdbs.pl/ref/type/"
    }
  },
  "@id": "https://www.variotdbs.pl/vuln/VAR-201907-0095",
  "affected_products": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/affected_products#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        },
        "@id": "https://www.variotdbs.pl/ref/sources"
      }
    },
    "data": [
      {
        "model": "emc unity operating environment",
        "scope": "lt",
        "trust": 1.8,
        "vendor": "dell",
        "version": "5.0.0.0.5.116"
      },
      {
        "model": "emc unityvsa operating environment",
        "scope": "lt",
        "trust": 1.8,
        "vendor": "dell",
        "version": "5.0.0.0.5.116"
      },
      {
        "model": "emc unityvsa operating environment",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "dell",
        "version": "0"
      },
      {
        "model": "emc unity operating environment",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "dell",
        "version": "0"
      },
      {
        "model": "emc unityvsa operating environment",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "dell",
        "version": "5.0.0.0.5.116"
      },
      {
        "model": "emc unity operating environment",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "dell",
        "version": "5.0.0.0.5.116"
      }
    ],
    "sources": [
      {
        "db": "BID",
        "id": "109309"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2019-006739"
      },
      {
        "db": "NVD",
        "id": "CVE-2019-3741"
      }
    ]
  },
  "configurations": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/configurations#",
      "children": {
        "@container": "@list"
      },
      "cpe_match": {
        "@container": "@list"
      },
      "data": {
        "@container": "@list"
      },
      "nodes": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "CVE_data_version": "4.0",
        "nodes": [
          {
            "children": [],
            "cpe_match": [
              {
                "cpe23Uri": "cpe:2.3:a:dell:emc_unityvsa_operating_environment:*:*:*:*:*:*:*:*",
                "cpe_name": [],
                "versionEndExcluding": "5.0.0.0.5.116",
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:dell:emc_unity_operating_environment:*:*:*:*:*:*:*:*",
                "cpe_name": [],
                "versionEndExcluding": "5.0.0.0.5.116",
                "vulnerable": true
              }
            ],
            "operator": "OR"
          }
        ]
      }
    ],
    "sources": [
      {
        "db": "NVD",
        "id": "CVE-2019-3741"
      }
    ]
  },
  "credits": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/credits#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "The vendor reported these issues.",
    "sources": [
      {
        "db": "BID",
        "id": "109309"
      }
    ],
    "trust": 0.3
  },
  "cve": "CVE-2019-3741",
  "cvss": {
    "@context": {
      "cvssV2": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
        },
        "@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
      },
      "cvssV3": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
        },
        "@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
      },
      "severity": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/cvss/severity#"
        },
        "@id": "https://www.variotdbs.pl/ref/cvss/severity"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        },
        "@id": "https://www.variotdbs.pl/ref/sources"
      }
    },
    "data": [
      {
        "cvssV2": [
          {
            "acInsufInfo": false,
            "accessComplexity": "LOW",
            "accessVector": "LOCAL",
            "authentication": "NONE",
            "author": "NVD",
            "availabilityImpact": "NONE",
            "baseScore": 2.1,
            "confidentialityImpact": "PARTIAL",
            "exploitabilityScore": 3.9,
            "impactScore": 2.9,
            "integrityImpact": "NONE",
            "obtainAllPrivilege": false,
            "obtainOtherPrivilege": false,
            "obtainUserPrivilege": false,
            "severity": "LOW",
            "trust": 1.0,
            "userInteractionRequired": false,
            "vectorString": "AV:L/AC:L/Au:N/C:P/I:N/A:N",
            "version": "2.0"
          },
          {
            "acInsufInfo": null,
            "accessComplexity": "Low",
            "accessVector": "Local",
            "authentication": "None",
            "author": "NVD",
            "availabilityImpact": "None",
            "baseScore": 2.1,
            "confidentialityImpact": "Partial",
            "exploitabilityScore": null,
            "id": "CVE-2019-3741",
            "impactScore": null,
            "integrityImpact": "None",
            "obtainAllPrivilege": null,
            "obtainOtherPrivilege": null,
            "obtainUserPrivilege": null,
            "severity": "Low",
            "trust": 0.8,
            "userInteractionRequired": null,
            "vectorString": "AV:L/AC:L/Au:N/C:P/I:N/A:N",
            "version": "2.0"
          },
          {
            "accessComplexity": "LOW",
            "accessVector": "LOCAL",
            "authentication": "NONE",
            "author": "VULHUB",
            "availabilityImpact": "NONE",
            "baseScore": 2.1,
            "confidentialityImpact": "PARTIAL",
            "exploitabilityScore": 3.9,
            "id": "VHN-155176",
            "impactScore": 2.9,
            "integrityImpact": "NONE",
            "severity": "LOW",
            "trust": 0.1,
            "vectorString": "AV:L/AC:L/AU:N/C:P/I:N/A:N",
            "version": "2.0"
          }
        ],
        "cvssV3": [
          {
            "attackComplexity": "LOW",
            "attackVector": "LOCAL",
            "author": "NVD",
            "availabilityImpact": "HIGH",
            "baseScore": 7.8,
            "baseSeverity": "HIGH",
            "confidentialityImpact": "HIGH",
            "exploitabilityScore": 1.8,
            "impactScore": 5.9,
            "integrityImpact": "HIGH",
            "privilegesRequired": "LOW",
            "scope": "UNCHANGED",
            "trust": 2.0,
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
            "version": "3.0"
          },
          {
            "attackComplexity": "Low",
            "attackVector": "Local",
            "author": "NVD",
            "availabilityImpact": "High",
            "baseScore": 7.8,
            "baseSeverity": "High",
            "confidentialityImpact": "High",
            "exploitabilityScore": null,
            "id": "CVE-2019-3741",
            "impactScore": null,
            "integrityImpact": "High",
            "privilegesRequired": "Low",
            "scope": "Unchanged",
            "trust": 0.8,
            "userInteraction": "None",
            "vectorString": "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
            "version": "3.0"
          }
        ],
        "severity": [
          {
            "author": "NVD",
            "id": "CVE-2019-3741",
            "trust": 1.8,
            "value": "HIGH"
          },
          {
            "author": "security_alert@emc.com",
            "id": "CVE-2019-3741",
            "trust": 1.0,
            "value": "HIGH"
          },
          {
            "author": "CNNVD",
            "id": "CNNVD-201907-1080",
            "trust": 0.6,
            "value": "HIGH"
          },
          {
            "author": "VULHUB",
            "id": "VHN-155176",
            "trust": 0.1,
            "value": "LOW"
          }
        ]
      }
    ],
    "sources": [
      {
        "db": "VULHUB",
        "id": "VHN-155176"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2019-006739"
      },
      {
        "db": "NVD",
        "id": "CVE-2019-3741"
      },
      {
        "db": "NVD",
        "id": "CVE-2019-3741"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201907-1080"
      }
    ]
  },
  "description": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/description#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "Dell EMC Unity and UnityVSA versions prior to 5.0.0.0.5.116 contain a plain-text password storage vulnerability. A Unisphere user\u2019s (including the admin privilege user) password is stored in a plain text in Unity Data Collection bundle (logs files for troubleshooting). A local authenticated attacker with access to the Data Collection bundle may use the exposed password to gain access with the privileges of the compromised user. Dell EMC Unity and UnityVSA Contains a vulnerability related to failure of the protection mechanism.Information is obtained, information is altered, and service operation is disrupted (DoS) There is a possibility of being put into a state. \nAn attacker may leverage these issues to bypass certain security restrictions and obtain sensitive information; this may aid in launching further attacks. UnityVSA is a virtual Unity storage environment",
    "sources": [
      {
        "db": "NVD",
        "id": "CVE-2019-3741"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2019-006739"
      },
      {
        "db": "BID",
        "id": "109309"
      },
      {
        "db": "VULHUB",
        "id": "VHN-155176"
      }
    ],
    "trust": 1.98
  },
  "external_ids": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/external_ids#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "db": "NVD",
        "id": "CVE-2019-3741",
        "trust": 2.8
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2019-006739",
        "trust": 0.8
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201907-1080",
        "trust": 0.7
      },
      {
        "db": "BID",
        "id": "109309",
        "trust": 0.3
      },
      {
        "db": "VULHUB",
        "id": "VHN-155176",
        "trust": 0.1
      }
    ],
    "sources": [
      {
        "db": "VULHUB",
        "id": "VHN-155176"
      },
      {
        "db": "BID",
        "id": "109309"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2019-006739"
      },
      {
        "db": "NVD",
        "id": "CVE-2019-3741"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201907-1080"
      }
    ]
  },
  "id": "VAR-201907-0095",
  "iot": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/iot#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": true,
    "sources": [
      {
        "db": "VULHUB",
        "id": "VHN-155176"
      }
    ],
    "trust": 0.01
  },
  "last_update_date": "2023-12-18T13:13:22.966000Z",
  "patch": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/patch#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "title": "An Introduction to Unity Software | Dell EMC US",
        "trust": 0.8,
        "url": "https://www.dellemc.com/en-us/documentation/unity-family/unity-p-software-upgrades/01-unity-upg-br-introduction.htm"
      },
      {
        "title": "Dell EMC UnityVSA",
        "trust": 0.8,
        "url": "https://www.dellemc.com/en-us/products-solutions/trial-software-download/unity-vsa.htm"
      },
      {
        "title": "Dell EMC Unity  and UnityVSA Security vulnerabilities",
        "trust": 0.6,
        "url": "http://www.cnnvd.org.cn/web/xxk/bdxqbyid.tag?id=95094"
      }
    ],
    "sources": [
      {
        "db": "JVNDB",
        "id": "JVNDB-2019-006739"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201907-1080"
      }
    ]
  },
  "problemtype_data": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "problemtype": "CWE-693",
        "trust": 1.9
      }
    ],
    "sources": [
      {
        "db": "VULHUB",
        "id": "VHN-155176"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2019-006739"
      },
      {
        "db": "NVD",
        "id": "CVE-2019-3741"
      }
    ]
  },
  "references": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/references#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "trust": 1.7,
        "url": "https://productsecurity-ux.ausmp1z1.pcf.dell.com/support/security/us/en/04/details/535028/dsa-2019-086-dell-emc-unity-family-multiple-vulnerabilities"
      },
      {
        "trust": 1.4,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2019-3741"
      },
      {
        "trust": 0.8,
        "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2019-3741"
      },
      {
        "trust": 0.3,
        "url": "http://dell.com"
      },
      {
        "trust": 0.3,
        "url": "https://www.dell.com/support/security/us/en/19/details/535028/dsa-2019-086-dell-emc-unity-family-multiple-vulnerabilities"
      }
    ],
    "sources": [
      {
        "db": "VULHUB",
        "id": "VHN-155176"
      },
      {
        "db": "BID",
        "id": "109309"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2019-006739"
      },
      {
        "db": "NVD",
        "id": "CVE-2019-3741"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201907-1080"
      }
    ]
  },
  "sources": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/sources#",
      "data": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "db": "VULHUB",
        "id": "VHN-155176"
      },
      {
        "db": "BID",
        "id": "109309"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2019-006739"
      },
      {
        "db": "NVD",
        "id": "CVE-2019-3741"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201907-1080"
      }
    ]
  },
  "sources_release_date": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
      "data": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "date": "2019-07-18T00:00:00",
        "db": "VULHUB",
        "id": "VHN-155176"
      },
      {
        "date": "2019-06-27T00:00:00",
        "db": "BID",
        "id": "109309"
      },
      {
        "date": "2019-07-26T00:00:00",
        "db": "JVNDB",
        "id": "JVNDB-2019-006739"
      },
      {
        "date": "2019-07-18T16:15:12.470000",
        "db": "NVD",
        "id": "CVE-2019-3741"
      },
      {
        "date": "2019-07-18T00:00:00",
        "db": "CNNVD",
        "id": "CNNVD-201907-1080"
      }
    ]
  },
  "sources_update_date": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
      "data": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "date": "2020-02-10T00:00:00",
        "db": "VULHUB",
        "id": "VHN-155176"
      },
      {
        "date": "2019-06-27T00:00:00",
        "db": "BID",
        "id": "109309"
      },
      {
        "date": "2019-07-26T00:00:00",
        "db": "JVNDB",
        "id": "JVNDB-2019-006739"
      },
      {
        "date": "2020-02-10T21:52:44.690000",
        "db": "NVD",
        "id": "CVE-2019-3741"
      },
      {
        "date": "2020-02-12T00:00:00",
        "db": "CNNVD",
        "id": "CNNVD-201907-1080"
      }
    ]
  },
  "threat_type": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/threat_type#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "local",
    "sources": [
      {
        "db": "CNNVD",
        "id": "CNNVD-201907-1080"
      }
    ],
    "trust": 0.6
  },
  "title": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/title#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "Dell EMC Unity and  UnityVSA Vulnerability in protection mechanism",
    "sources": [
      {
        "db": "JVNDB",
        "id": "JVNDB-2019-006739"
      }
    ],
    "trust": 0.8
  },
  "type": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/type#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "other",
    "sources": [
      {
        "db": "CNNVD",
        "id": "CNNVD-201907-1080"
      }
    ],
    "trust": 0.6
  }
}

CNVD-2019-29137

Vulnerability from cnvd - Published: 2019-08-28

Title

Dell EMC Unity和UnityVSA安全绕过漏洞

Description

Dell EMC Unity和UnityVSA都是美国戴尔（Dell）公司的产品。Dell EMC Unity是一款统一存储阵列产品。UnityVSA是一套虚拟Unity存储环境。 Dell EMC Unity 5.0.0.0.5.116之前版本和UnityVSA 5.0.0.0.5.116之前版本中存在安全漏洞，该漏洞源于程序将密码存储为明文形式。本地攻击者可利用该漏洞以用户权限进行访问。

Severity

低

Patch Name

Dell EMC Unity和UnityVSA安全绕过漏洞的补丁

Patch Description

Formal description

目前厂商已发布升级补丁以修复漏洞，详情请关注厂商主页： https://www.dell.com/

Reference

https://nvd.nist.gov/vuln/detail/CVE-2019-3741

Impacted products

Name
['DELL Dell EMC Unity <5.0.0.0.5.116', 'DELL UnityVSA <5.0.0.0.5.116']

Show details on source website

JSON

To clipboard

{
  "cves": {
    "cve": {
      "cveNumber": "CVE-2019-3741"
    }
  },
  "description": "Dell EMC Unity\u548cUnityVSA\u90fd\u662f\u7f8e\u56fd\u6234\u5c14\uff08Dell\uff09\u516c\u53f8\u7684\u4ea7\u54c1\u3002Dell EMC Unity\u662f\u4e00\u6b3e\u7edf\u4e00\u5b58\u50a8\u9635\u5217\u4ea7\u54c1\u3002UnityVSA\u662f\u4e00\u5957\u865a\u62dfUnity\u5b58\u50a8\u73af\u5883\u3002\n\nDell EMC Unity 5.0.0.0.5.116\u4e4b\u524d\u7248\u672c\u548cUnityVSA 5.0.0.0.5.116\u4e4b\u524d\u7248\u672c\u4e2d\u5b58\u5728\u5b89\u5168\u6f0f\u6d1e\uff0c\u8be5\u6f0f\u6d1e\u6e90\u4e8e\u7a0b\u5e8f\u5c06\u5bc6\u7801\u5b58\u50a8\u4e3a\u660e\u6587\u5f62\u5f0f\u3002\u672c\u5730\u653b\u51fb\u8005\u53ef\u5229\u7528\u8be5\u6f0f\u6d1e\u4ee5\u7528\u6237\u6743\u9650\u8fdb\u884c\u8bbf\u95ee\u3002",
  "discovererName": "unknwon",
  "formalWay": "\u76ee\u524d\u5382\u5546\u5df2\u53d1\u5e03\u5347\u7ea7\u8865\u4e01\u4ee5\u4fee\u590d\u6f0f\u6d1e\uff0c\u8be6\u60c5\u8bf7\u5173\u6ce8\u5382\u5546\u4e3b\u9875\uff1a\r\nhttps://www.dell.com/",
  "isEvent": "\u901a\u7528\u8f6f\u786c\u4ef6\u6f0f\u6d1e",
  "number": "CNVD-2019-29137",
  "openTime": "2019-08-28",
  "patchDescription": "Dell EMC Unity\u548cUnityVSA\u90fd\u662f\u7f8e\u56fd\u6234\u5c14\uff08Dell\uff09\u516c\u53f8\u7684\u4ea7\u54c1\u3002Dell EMC Unity\u662f\u4e00\u6b3e\u7edf\u4e00\u5b58\u50a8\u9635\u5217\u4ea7\u54c1\u3002UnityVSA\u662f\u4e00\u5957\u865a\u62dfUnity\u5b58\u50a8\u73af\u5883\u3002\r\n\r\nDell EMC Unity 5.0.0.0.5.116\u4e4b\u524d\u7248\u672c\u548cUnityVSA 5.0.0.0.5.116\u4e4b\u524d\u7248\u672c\u4e2d\u5b58\u5728\u5b89\u5168\u6f0f\u6d1e\uff0c\u8be5\u6f0f\u6d1e\u6e90\u4e8e\u7a0b\u5e8f\u5c06\u5bc6\u7801\u5b58\u50a8\u4e3a\u660e\u6587\u5f62\u5f0f\u3002\u672c\u5730\u653b\u51fb\u8005\u53ef\u5229\u7528\u8be5\u6f0f\u6d1e\u4ee5\u7528\u6237\u6743\u9650\u8fdb\u884c\u8bbf\u95ee\u3002\u76ee\u524d\uff0c\u4f9b\u5e94\u5546\u53d1\u5e03\u4e86\u5b89\u5168\u516c\u544a\u53ca\u76f8\u5173\u8865\u4e01\u4fe1\u606f\uff0c\u4fee\u590d\u4e86\u6b64\u6f0f\u6d1e\u3002",
  "patchName": "Dell EMC Unity\u548cUnityVSA\u5b89\u5168\u7ed5\u8fc7\u6f0f\u6d1e\u7684\u8865\u4e01",
  "products": {
    "product": [
      "DELL Dell EMC Unity \u003c5.0.0.0.5.116",
      "DELL UnityVSA \u003c5.0.0.0.5.116"
    ]
  },
  "referenceLink": "https://nvd.nist.gov/vuln/detail/CVE-2019-3741",
  "serverity": "\u4f4e",
  "submitTime": "2019-07-22",
  "title": "Dell EMC Unity\u548cUnityVSA\u5b89\u5168\u7ed5\u8fc7\u6f0f\u6d1e"
}

GSD-2019-3741

Vulnerability from gsd - Updated: 2023-12-13 01:24

Details

Aliases

CVE-2019-3741

Aliases

CVE-2019-3741

JSON

To clipboard

{
  "GSD": {
    "alias": "CVE-2019-3741",
    "description": "Dell EMC Unity and UnityVSA versions prior to 5.0.0.0.5.116 contain a plain-text password storage vulnerability. A Unisphere user\u2019s (including the admin privilege user) password is stored in a plain text in Unity Data Collection bundle (logs files for troubleshooting). A local authenticated attacker with access to the Data Collection bundle may use the exposed password to gain access with the privileges of the compromised user.",
    "id": "GSD-2019-3741"
  },
  "gsd": {
    "metadata": {
      "exploitCode": "unknown",
      "remediation": "unknown",
      "reportConfidence": "confirmed",
      "type": "vulnerability"
    },
    "osvSchema": {
      "aliases": [
        "CVE-2019-3741"
      ],
      "details": "Dell EMC Unity and UnityVSA versions prior to 5.0.0.0.5.116 contain a plain-text password storage vulnerability. A Unisphere user\u2019s (including the admin privilege user) password is stored in a plain text in Unity Data Collection bundle (logs files for troubleshooting). A local authenticated attacker with access to the Data Collection bundle may use the exposed password to gain access with the privileges of the compromised user.",
      "id": "GSD-2019-3741",
      "modified": "2023-12-13T01:24:03.925379Z",
      "schema_version": "1.4.0"
    }
  },
  "namespaces": {
    "cve.org": {
      "CVE_data_meta": {
        "ASSIGNER": "secure@dell.com",
        "DATE_PUBLIC": "2019-06-27T16:00:00.000Z",
        "ID": "CVE-2019-3741",
        "STATE": "PUBLIC"
      },
      "affects": {
        "vendor": {
          "vendor_data": [
            {
              "product": {
                "product_data": [
                  {
                    "product_name": "Unity",
                    "version": {
                      "version_data": [
                        {
                          "version_affected": "\u003c",
                          "version_name": "5.0",
                          "version_value": "5.0.0.0.5.116 "
                        }
                      ]
                    }
                  }
                ]
              },
              "vendor_name": "DELL EMC"
            }
          ]
        }
      },
      "data_format": "MITRE",
      "data_type": "CVE",
      "data_version": "4.0",
      "description": {
        "description_data": [
          {
            "lang": "eng",
            "value": "Dell EMC Unity and UnityVSA versions prior to 5.0.0.0.5.116 contain a plain-text password storage vulnerability. A Unisphere user\u2019s (including the admin privilege user) password is stored in a plain text in Unity Data Collection bundle (logs files for troubleshooting). A local authenticated attacker with access to the Data Collection bundle may use the exposed password to gain access with the privileges of the compromised user."
          }
        ]
      },
      "generator": {
        "engine": "Vulnogram 0.0.7"
      },
      "impact": {
        "cvss": {
          "attackComplexity": "LOW",
          "attackVector": "LOCAL",
          "availabilityImpact": "HIGH",
          "baseScore": 7.8,
          "baseSeverity": "HIGH",
          "confidentialityImpact": "HIGH",
          "integrityImpact": "HIGH",
          "privilegesRequired": "LOW",
          "scope": "UNCHANGED",
          "userInteraction": "NONE",
          "vectorString": "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
          "version": "3.0"
        }
      },
      "problemtype": {
        "problemtype_data": [
          {
            "description": [
              {
                "lang": "eng",
                "value": "Plain-text Password Storage Vulnerability "
              }
            ]
          }
        ]
      },
      "references": {
        "reference_data": [
          {
            "name": "https://productsecurity-ux.ausmp1z1.pcf.dell.com/support/security/us/en/04/details/535028/DSA-2019-086-Dell-EMC-Unity-Family-Multiple-Vulnerabilities",
            "refsource": "MISC",
            "url": "https://productsecurity-ux.ausmp1z1.pcf.dell.com/support/security/us/en/04/details/535028/DSA-2019-086-Dell-EMC-Unity-Family-Multiple-Vulnerabilities"
          }
        ]
      },
      "source": {
        "discovery": "UNKNOWN"
      }
    },
    "nvd.nist.gov": {
      "configurations": {
        "CVE_data_version": "4.0",
        "nodes": [
          {
            "children": [],
            "cpe_match": [
              {
                "cpe23Uri": "cpe:2.3:a:dell:emc_unityvsa_operating_environment:*:*:*:*:*:*:*:*",
                "cpe_name": [],
                "versionEndExcluding": "5.0.0.0.5.116",
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:dell:emc_unity_operating_environment:*:*:*:*:*:*:*:*",
                "cpe_name": [],
                "versionEndExcluding": "5.0.0.0.5.116",
                "vulnerable": true
              }
            ],
            "operator": "OR"
          }
        ]
      },
      "cve": {
        "CVE_data_meta": {
          "ASSIGNER": "secure@dell.com",
          "ID": "CVE-2019-3741"
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "en",
              "value": "Dell EMC Unity and UnityVSA versions prior to 5.0.0.0.5.116 contain a plain-text password storage vulnerability. A Unisphere user\u2019s (including the admin privilege user) password is stored in a plain text in Unity Data Collection bundle (logs files for troubleshooting). A local authenticated attacker with access to the Data Collection bundle may use the exposed password to gain access with the privileges of the compromised user."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "en",
                  "value": "CWE-693"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "https://productsecurity-ux.ausmp1z1.pcf.dell.com/support/security/us/en/04/details/535028/DSA-2019-086-Dell-EMC-Unity-Family-Multiple-Vulnerabilities",
              "refsource": "MISC",
              "tags": [
                "Broken Link",
                "Vendor Advisory"
              ],
              "url": "https://productsecurity-ux.ausmp1z1.pcf.dell.com/support/security/us/en/04/details/535028/DSA-2019-086-Dell-EMC-Unity-Family-Multiple-Vulnerabilities"
            }
          ]
        }
      },
      "impact": {
        "baseMetricV2": {
          "acInsufInfo": false,
          "cvssV2": {
            "accessComplexity": "LOW",
            "accessVector": "LOCAL",
            "authentication": "NONE",
            "availabilityImpact": "NONE",
            "baseScore": 2.1,
            "confidentialityImpact": "PARTIAL",
            "integrityImpact": "NONE",
            "vectorString": "AV:L/AC:L/Au:N/C:P/I:N/A:N",
            "version": "2.0"
          },
          "exploitabilityScore": 3.9,
          "impactScore": 2.9,
          "obtainAllPrivilege": false,
          "obtainOtherPrivilege": false,
          "obtainUserPrivilege": false,
          "severity": "LOW",
          "userInteractionRequired": false
        },
        "baseMetricV3": {
          "cvssV3": {
            "attackComplexity": "LOW",
            "attackVector": "LOCAL",
            "availabilityImpact": "HIGH",
            "baseScore": 7.8,
            "baseSeverity": "HIGH",
            "confidentialityImpact": "HIGH",
            "integrityImpact": "HIGH",
            "privilegesRequired": "LOW",
            "scope": "UNCHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
            "version": "3.0"
          },
          "exploitabilityScore": 1.8,
          "impactScore": 5.9
        }
      },
      "lastModifiedDate": "2020-02-10T21:52Z",
      "publishedDate": "2019-07-18T16:15Z"
    }
  }
}

WID-SEC-W-2024-2203

Vulnerability from csaf_certbund - Published: 2024-09-23 22:00 - Updated: 2024-09-23 22:00

Summary

Dell EMC Unity: Mehrere Schwachstellen

Notes

Das BSI ist als Anbieter für die eigenen, zur Nutzung bereitgestellten Inhalte nach den allgemeinen Gesetzen verantwortlich. Nutzerinnen und Nutzer sind jedoch dafür verantwortlich, die Verwendung und/oder die Umsetzung der mit den Inhalten bereitgestellten Informationen sorgfältig im Einzelfall zu prüfen.

Produktbeschreibung

Dell EMC Unity ist eine vereinheitliche Speicherlösung.

Angriff

Ein entfernter, authentisierter Angreifer kann mehrere Schwachstellen in Dell EMC Unity ausnutzen, um Dateien zu manipulieren und sich erweiterte Rechte zu verschaffen.

Betroffene Betriebssysteme

- Sonstiges

JSON

To clipboard

{
  "document": {
    "aggregate_severity": {
      "text": "mittel"
    },
    "category": "csaf_base",
    "csaf_version": "2.0",
    "distribution": {
      "tlp": {
        "label": "WHITE",
        "url": "https://www.first.org/tlp/"
      }
    },
    "lang": "de-DE",
    "notes": [
      {
        "category": "legal_disclaimer",
        "text": "Das BSI ist als Anbieter f\u00fcr die eigenen, zur Nutzung bereitgestellten Inhalte nach den allgemeinen Gesetzen verantwortlich. Nutzerinnen und Nutzer sind jedoch daf\u00fcr verantwortlich, die Verwendung und/oder die Umsetzung der mit den Inhalten bereitgestellten Informationen sorgf\u00e4ltig im Einzelfall zu pr\u00fcfen."
      },
      {
        "category": "description",
        "text": "Dell EMC Unity ist eine vereinheitliche Speicherl\u00f6sung.",
        "title": "Produktbeschreibung"
      },
      {
        "category": "summary",
        "text": "Ein entfernter, authentisierter Angreifer kann mehrere Schwachstellen in Dell EMC Unity ausnutzen, um Dateien zu manipulieren und sich erweiterte Rechte zu verschaffen.",
        "title": "Angriff"
      },
      {
        "category": "general",
        "text": "- Sonstiges",
        "title": "Betroffene Betriebssysteme"
      }
    ],
    "publisher": {
      "category": "other",
      "contact_details": "csaf-provider@cert-bund.de",
      "name": "Bundesamt f\u00fcr Sicherheit in der Informationstechnik",
      "namespace": "https://www.bsi.bund.de"
    },
    "references": [
      {
        "category": "self",
        "summary": "WID-SEC-W-2024-2203 - CSAF Version",
        "url": "https://wid.cert-bund.de/.well-known/csaf/white/2024/wid-sec-w-2024-2203.json"
      },
      {
        "category": "self",
        "summary": "WID-SEC-2024-2203 - Portal Version",
        "url": "https://wid.cert-bund.de/portal/wid/securityadvisory?name=WID-SEC-2024-2203"
      },
      {
        "category": "external",
        "summary": "DELL Knowledge Database vom 2024-09-23",
        "url": "https://www.dell.com/support/kbdoc/de-de/000001846/dsa-2019-086-dell-emc-unity-family-multiple-vulnerabilities"
      }
    ],
    "source_lang": "en-US",
    "title": "Dell EMC Unity: Mehrere Schwachstellen",
    "tracking": {
      "current_release_date": "2024-09-23T22:00:00.000+00:00",
      "generator": {
        "date": "2024-09-24T10:13:14.860+00:00",
        "engine": {
          "name": "BSI-WID",
          "version": "1.3.8"
        }
      },
      "id": "WID-SEC-W-2024-2203",
      "initial_release_date": "2024-09-23T22:00:00.000+00:00",
      "revision_history": [
        {
          "date": "2024-09-23T22:00:00.000+00:00",
          "number": "1",
          "summary": "Initiale Fassung"
        }
      ],
      "status": "final",
      "version": "1"
    }
  },
  "product_tree": {
    "branches": [
      {
        "branches": [
          {
            "branches": [
              {
                "category": "product_version_range",
                "name": "\u003c5.0.0.0.5.116",
                "product": {
                  "name": "Dell EMC Unity \u003c5.0.0.0.5.116",
                  "product_id": "T037794"
                }
              },
              {
                "category": "product_version",
                "name": "5.0.0.0.5.116",
                "product": {
                  "name": "Dell EMC Unity 5.0.0.0.5.116",
                  "product_id": "T037794-fixed",
                  "product_identification_helper": {
                    "cpe": "cpe:/h:dell:emc_unity:5.0.0.0.5.116"
                  }
                }
              }
            ],
            "category": "product_name",
            "name": "EMC Unity"
          }
        ],
        "category": "vendor",
        "name": "Dell"
      }
    ]
  },
  "vulnerabilities": [
    {
      "cve": "CVE-2019-3734",
      "notes": [
        {
          "category": "description",
          "text": "Es besteht eine Schwachstelle in Dell EMC Unity. Dieser Fehler ist auf unsachgem\u00e4\u00dfe Autorisierungspr\u00fcfungen in der NAS-Server-Quotenkonfiguration zur\u00fcckzuf\u00fchren. Ein entfernter, authentisierter Angreifer mit Unisphere-Operator-Rechten kann diese Schwachstelle ausnutzen, um die Kontingentkonfigurationen anderer Benutzer zu \u00e4ndern."
        }
      ],
      "product_status": {
        "known_affected": [
          "T037794"
        ]
      },
      "release_date": "2024-09-23T22:00:00.000+00:00",
      "title": "CVE-2019-3734"
    },
    {
      "cve": "CVE-2019-3741",
      "notes": [
        {
          "category": "description",
          "text": "Es besteht eine Schwachstelle in Dell EMC Unity, die das Unity Data Collection Bundle betrifft, in dem Unisphere-Benutzerpassw\u00f6rter (einschlie\u00dflich administrativer Berechtigungen) im Klartext gespeichert werden. Ein lokaler Angreifer mit Zugriff auf dieses Bundle kann den Fehler ausnutzen, um vertrauliche Informationen offenzulegen und die offengelegten Passw\u00f6rter zu verwenden, um mit den Rechten des kompromittierten Benutzers unbefugten Zugriff zu erhalten."
        }
      ],
      "product_status": {
        "known_affected": [
          "T037794"
        ]
      },
      "release_date": "2024-09-23T22:00:00.000+00:00",
      "title": "CVE-2019-3741"
    }
  ]
}

GHSA-GCCR-28W8-PGCJ

Vulnerability from github – Published: 2022-05-24 16:50 – Updated: 2022-05-24 16:50

Details

Dell EMC Unity and UnityVSA versions prior to 5.0.0.0.5.116 contain a plain-text password storage vulnerability. A Unisphere user?s (including the admin privilege user) password is stored in a plain text in Unity Data Collection bundle (logs files for troubleshooting). A local authenticated attacker with access to the Data Collection bundle may use the exposed password to gain access with the privileges of the compromised user.

Show details on source website

JSON

To clipboard

{
  "affected": [],
  "aliases": [
    "CVE-2019-3741"
  ],
  "database_specific": {
    "cwe_ids": [],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2019-07-18T16:15:00Z",
    "severity": "HIGH"
  },
  "details": "Dell EMC Unity and UnityVSA versions prior to 5.0.0.0.5.116 contain a plain-text password storage vulnerability. A Unisphere user?s (including the admin privilege user) password is stored in a plain text in Unity Data Collection bundle (logs files for troubleshooting). A local authenticated attacker with access to the Data Collection bundle may use the exposed password to gain access with the privileges of the compromised user.",
  "id": "GHSA-gccr-28w8-pgcj",
  "modified": "2022-05-24T16:50:41Z",
  "published": "2022-05-24T16:50:41Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2019-3741"
    },
    {
      "type": "WEB",
      "url": "https://productsecurity-ux.ausmp1z1.pcf.dell.com/support/security/us/en/04/details/535028/DSA-2019-086-Dell-EMC-Unity-Family-Multiple-Vulnerabilities"
    }
  ],
  "schema_version": "1.4.0",
  "severity": []
}

Sightings

Author	Source	Type	Date

Nomenclature

Seen: The vulnerability was mentioned, discussed, or observed by the user.
Confirmed: The vulnerability has been validated from an analyst's perspective.
Published Proof of Concept: A public proof of concept is available for this vulnerability.
Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
Not confirmed: The user expressed doubt about the validity of the vulnerability.
Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.

Detection rules are retrieved from Rulezet.

Action not permitted

CVE-2019-3741 (GCVE-0-2019-3741)

FKIE_CVE-2019-3741

VAR-201907-0095

CNVD-2019-29137

GSD-2019-3741

WID-SEC-W-2024-2203

GHSA-GCCR-28W8-PGCJ

Tags

Sightings

Nomenclature