VAR-202101-0513
Vulnerability from variot - Updated: 2023-12-18 14:04Dell EMC Unity, Unity XT, and UnityVSA versions prior to 5.0.4.0.5.012 contain a Denial of Service vulnerability on NAS Servers with NFS exports. A remote authenticated attacker could potentially exploit this vulnerability and cause Denial of Service (Storage Processor Panic) by sending specially crafted UDP requests. DELL Dell EMC Unity and UnityVSA are both products of Dell (DELL). UnityVSA is a virtual Unity storage environment
Show details on source website{
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
"affected_products": {
"@id": "https://www.variotdbs.pl/ref/affected_products"
},
"configurations": {
"@id": "https://www.variotdbs.pl/ref/configurations"
},
"credits": {
"@id": "https://www.variotdbs.pl/ref/credits"
},
"cvss": {
"@id": "https://www.variotdbs.pl/ref/cvss/"
},
"description": {
"@id": "https://www.variotdbs.pl/ref/description/"
},
"exploit_availability": {
"@id": "https://www.variotdbs.pl/ref/exploit_availability/"
},
"external_ids": {
"@id": "https://www.variotdbs.pl/ref/external_ids/"
},
"iot": {
"@id": "https://www.variotdbs.pl/ref/iot/"
},
"iot_taxonomy": {
"@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
},
"patch": {
"@id": "https://www.variotdbs.pl/ref/patch/"
},
"problemtype_data": {
"@id": "https://www.variotdbs.pl/ref/problemtype_data/"
},
"references": {
"@id": "https://www.variotdbs.pl/ref/references/"
},
"sources": {
"@id": "https://www.variotdbs.pl/ref/sources/"
},
"sources_release_date": {
"@id": "https://www.variotdbs.pl/ref/sources_release_date/"
},
"sources_update_date": {
"@id": "https://www.variotdbs.pl/ref/sources_update_date/"
},
"threat_type": {
"@id": "https://www.variotdbs.pl/ref/threat_type/"
},
"title": {
"@id": "https://www.variotdbs.pl/ref/title/"
},
"type": {
"@id": "https://www.variotdbs.pl/ref/type/"
}
},
"@id": "https://www.variotdbs.pl/vuln/VAR-202101-0513",
"affected_products": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/affected_products#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"model": "emc unity vsa operating environment",
"scope": "lt",
"trust": 1.0,
"vendor": "dell",
"version": "5.0.4.0.5.012"
},
{
"model": "emc unity operating environment",
"scope": "lt",
"trust": 1.0,
"vendor": "dell",
"version": "5.0.4.0.5.012"
},
{
"model": "emc unity xt operating environment",
"scope": "lt",
"trust": 1.0,
"vendor": "dell",
"version": "5.0.4.0.5.012"
},
{
"model": "dell emc unityvsa operating environment",
"scope": "eq",
"trust": 0.8,
"vendor": "\u30c7\u30eb",
"version": "5.0.4.0.5.012"
},
{
"model": "dell emc unity xt operating environment",
"scope": null,
"trust": 0.8,
"vendor": "\u30c7\u30eb",
"version": null
},
{
"model": "dell emc unity operating environment",
"scope": null,
"trust": 0.8,
"vendor": "\u30c7\u30eb",
"version": null
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2020-015389"
},
{
"db": "NVD",
"id": "CVE-2020-29490"
}
]
},
"configurations": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/configurations#",
"children": {
"@container": "@list"
},
"cpe_match": {
"@container": "@list"
},
"data": {
"@container": "@list"
},
"nodes": {
"@container": "@list"
}
},
"data": [
{
"CVE_data_version": "4.0",
"nodes": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:a:dell:emc_unity_operating_environment:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndExcluding": "5.0.4.0.5.012",
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:dell:emc_unity_vsa_operating_environment:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndExcluding": "5.0.4.0.5.012",
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:dell:emc_unity_xt_operating_environment:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndExcluding": "5.0.4.0.5.012",
"vulnerable": true
}
],
"operator": "OR"
}
]
}
],
"sources": [
{
"db": "NVD",
"id": "CVE-2020-29490"
}
]
},
"cve": "CVE-2020-29490",
"cvss": {
"@context": {
"cvssV2": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
},
"cvssV3": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
},
"severity": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/cvss/severity#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/severity"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"cvssV2": [
{
"acInsufInfo": false,
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "SINGLE",
"author": "NVD",
"availabilityImpact": "PARTIAL",
"baseScore": 4.0,
"confidentialityImpact": "NONE",
"exploitabilityScore": 8.0,
"impactScore": 2.9,
"integrityImpact": "NONE",
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"severity": "MEDIUM",
"trust": 1.0,
"userInteractionRequired": false,
"vectorString": "AV:N/AC:L/Au:S/C:N/I:N/A:P",
"version": "2.0"
},
{
"acInsufInfo": null,
"accessComplexity": "Low",
"accessVector": "Network",
"authentication": "Single",
"author": "NVD",
"availabilityImpact": "Partial",
"baseScore": 4.0,
"confidentialityImpact": "None",
"exploitabilityScore": null,
"id": "CVE-2020-29490",
"impactScore": null,
"integrityImpact": "None",
"obtainAllPrivilege": null,
"obtainOtherPrivilege": null,
"obtainUserPrivilege": null,
"severity": "Medium",
"trust": 0.8,
"userInteractionRequired": null,
"vectorString": "AV:N/AC:L/Au:S/C:N/I:N/A:P",
"version": "2.0"
},
{
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "SINGLE",
"author": "VULHUB",
"availabilityImpact": "PARTIAL",
"baseScore": 4.0,
"confidentialityImpact": "NONE",
"exploitabilityScore": 8.0,
"id": "VHN-376194",
"impactScore": 2.9,
"integrityImpact": "NONE",
"severity": "MEDIUM",
"trust": 0.1,
"vectorString": "AV:N/AC:L/AU:S/C:N/I:N/A:P",
"version": "2.0"
}
],
"cvssV3": [
{
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"author": "NVD",
"availabilityImpact": "HIGH",
"baseScore": 6.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"exploitabilityScore": 2.8,
"impactScore": 3.6,
"integrityImpact": "NONE",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"trust": 1.0,
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
{
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"author": "security_alert@emc.com",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"exploitabilityScore": 3.9,
"impactScore": 3.6,
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"trust": 1.0,
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
{
"attackComplexity": "Low",
"attackVector": "Network",
"author": "NVD",
"availabilityImpact": "High",
"baseScore": 6.5,
"baseSeverity": "Medium",
"confidentialityImpact": "None",
"exploitabilityScore": null,
"id": "CVE-2020-29490",
"impactScore": null,
"integrityImpact": "None",
"privilegesRequired": "Low",
"scope": "Unchanged",
"trust": 0.8,
"userInteraction": "None",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.0"
}
],
"severity": [
{
"author": "NVD",
"id": "CVE-2020-29490",
"trust": 1.8,
"value": "MEDIUM"
},
{
"author": "security_alert@emc.com",
"id": "CVE-2020-29490",
"trust": 1.0,
"value": "HIGH"
},
{
"author": "CNNVD",
"id": "CNNVD-202101-291",
"trust": 0.6,
"value": "MEDIUM"
},
{
"author": "VULHUB",
"id": "VHN-376194",
"trust": 0.1,
"value": "MEDIUM"
}
]
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-376194"
},
{
"db": "JVNDB",
"id": "JVNDB-2020-015389"
},
{
"db": "NVD",
"id": "CVE-2020-29490"
},
{
"db": "NVD",
"id": "CVE-2020-29490"
},
{
"db": "CNNVD",
"id": "CNNVD-202101-291"
}
]
},
"description": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/description#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Dell EMC Unity, Unity XT, and UnityVSA versions prior to 5.0.4.0.5.012 contain a Denial of Service vulnerability on NAS Servers with NFS exports. A remote authenticated attacker could potentially exploit this vulnerability and cause Denial of Service (Storage Processor Panic) by sending specially crafted UDP requests. DELL Dell EMC Unity and UnityVSA are both products of Dell (DELL). UnityVSA is a virtual Unity storage environment",
"sources": [
{
"db": "NVD",
"id": "CVE-2020-29490"
},
{
"db": "JVNDB",
"id": "JVNDB-2020-015389"
},
{
"db": "VULHUB",
"id": "VHN-376194"
}
],
"trust": 1.71
},
"external_ids": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/external_ids#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"db": "NVD",
"id": "CVE-2020-29490",
"trust": 2.5
},
{
"db": "JVNDB",
"id": "JVNDB-2020-015389",
"trust": 0.8
},
{
"db": "CNNVD",
"id": "CNNVD-202101-291",
"trust": 0.6
},
{
"db": "VULHUB",
"id": "VHN-376194",
"trust": 0.1
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-376194"
},
{
"db": "JVNDB",
"id": "JVNDB-2020-015389"
},
{
"db": "NVD",
"id": "CVE-2020-29490"
},
{
"db": "CNNVD",
"id": "CNNVD-202101-291"
}
]
},
"id": "VAR-202101-0513",
"iot": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": true,
"sources": [
{
"db": "VULHUB",
"id": "VHN-376194"
}
],
"trust": 0.01
},
"last_update_date": "2023-12-18T14:04:30.038000Z",
"patch": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/patch#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"title": "DSA-2020-276",
"trust": 0.8,
"url": "https://www.dell.com/support/kbdoc/ja-jp/000181248/dsa-2020-276-dell-emc-unity-security-update-for-multiple-vulnerabilitiesdsa-2020-276-dell-emc-unity-security-update-for-multiple-vulnerabilities"
},
{
"title": "DELL Dell EMC Unity and UnityVSA Remediation of resource management error vulnerabilities",
"trust": 0.6,
"url": "http://www.cnnvd.org.cn/web/xxk/bdxqbyid.tag?id=138927"
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2020-015389"
},
{
"db": "CNNVD",
"id": "CNNVD-202101-291"
}
]
},
"problemtype_data": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"problemtype": "CWE-400",
"trust": 1.1
},
{
"problemtype": "Resource exhaustion (CWE-400) [NVD Evaluation ]",
"trust": 0.8
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-376194"
},
{
"db": "JVNDB",
"id": "JVNDB-2020-015389"
},
{
"db": "NVD",
"id": "CVE-2020-29490"
}
]
},
"references": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/references#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"trust": 1.7,
"url": "https://www.dell.com/support/kbdoc/000181248"
},
{
"trust": 1.4,
"url": "https://nvd.nist.gov/vuln/detail/cve-2020-29490"
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-376194"
},
{
"db": "JVNDB",
"id": "JVNDB-2020-015389"
},
{
"db": "NVD",
"id": "CVE-2020-29490"
},
{
"db": "CNNVD",
"id": "CNNVD-202101-291"
}
]
},
"sources": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#",
"data": {
"@container": "@list"
}
},
"data": [
{
"db": "VULHUB",
"id": "VHN-376194"
},
{
"db": "JVNDB",
"id": "JVNDB-2020-015389"
},
{
"db": "NVD",
"id": "CVE-2020-29490"
},
{
"db": "CNNVD",
"id": "CNNVD-202101-291"
}
]
},
"sources_release_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2021-01-05T00:00:00",
"db": "VULHUB",
"id": "VHN-376194"
},
{
"date": "2021-09-21T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2020-015389"
},
{
"date": "2021-01-05T22:15:13.937000",
"db": "NVD",
"id": "CVE-2020-29490"
},
{
"date": "2021-01-05T00:00:00",
"db": "CNNVD",
"id": "CNNVD-202101-291"
}
]
},
"sources_update_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2021-01-12T00:00:00",
"db": "VULHUB",
"id": "VHN-376194"
},
{
"date": "2021-09-21T07:17:00",
"db": "JVNDB",
"id": "JVNDB-2020-015389"
},
{
"date": "2021-01-12T15:01:17.257000",
"db": "NVD",
"id": "CVE-2020-29490"
},
{
"date": "2021-01-20T00:00:00",
"db": "CNNVD",
"id": "CNNVD-202101-291"
}
]
},
"threat_type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/threat_type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "remote",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-202101-291"
}
],
"trust": 0.6
},
"title": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/title#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "plural \u00a0Dell\u00a0EMC\u00a0 Resource depletion vulnerability in the product",
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2020-015389"
}
],
"trust": 0.8
},
"type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "resource management error",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-202101-291"
}
],
"trust": 0.6
}
}
Loading…
Loading…
Sightings
| Author | Source | Type | Date |
|---|
Nomenclature
- Seen: The vulnerability was mentioned, discussed, or observed by the user.
- Confirmed: The vulnerability has been validated from an analyst's perspective.
- Published Proof of Concept: A public proof of concept is available for this vulnerability.
- Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
- Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
- Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
- Not confirmed: The user expressed doubt about the validity of the vulnerability.
- Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.
Loading…
Loading…