PT-2020-18400 · Dell Emc · Dell Emc Unity+1

Published

2020-02-06

Updated

2020-02-12

CVE-2020-5319

CVSS v2.0

7.8

High

Vector

AV:N/AC:L/Au:N/C:N/I:N/A:C

Name of the Vulnerable Software and Affected Versions Dell EMC Unity, Dell EMC Unity XT, and Dell EMC UnityVSA versions prior to 5.0.2.0.5.009

Description The issue concerns a Denial of Service vulnerability in the NAS Server SSH implementation used for SFTP service on a NAS server. A remote unauthenticated attacker may exploit this by sending an out of order SSH protocol sequence, potentially causing a Denial of Service, specifically a Storage Processor Panic.

Recommendations For versions prior to 5.0.2.0.5.009, update to version 5.0.2.0.5.009 or later to resolve the issue.

Fix

Improper Validation of Array Index

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-129

Related Identifiers

CVE-2020-5319

Affected Products

Dell Emc Unity

Dell Emc Unityvsa

PT-2020-18400 · Dell Emc · Dell Emc Unity+1

CVE-2020-5319

Weakness Enumeration

Related Identifiers

Affected Products

References · 3