PT-2020-18405 · Dell Emc · Dell Emc Poweredge Vrtx Switch Module+2
Ken Pyle
·
Published
2020-04-10
·
Updated
2024-02-01
·
CVE-2020-5330
CVSS v3.1
8.1
High
| Vector | AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H |
Name of the Vulnerable Software and Affected Versions
Dell EMC Networking X-Series versions 3.0.1.2 and older
Dell EMC Networking PC5500 versions 4.1.0.22 and older
Dell EMC PowerEdge VRTX Switch Modules versions 2.0.0.77 and older
Description
The issue allows a remote unauthenticated attacker to retrieve sensitive data by sending a specially crafted request to the affected endpoints. This is an information disclosure vulnerability.
Recommendations
For Dell EMC Networking X-Series versions 3.0.1.2 and older, update to a version newer than 3.0.1.2 to resolve the issue.
For Dell EMC Networking PC5500 versions 4.1.0.22 and older, update to a version newer than 4.1.0.22 to resolve the issue.
For Dell EMC PowerEdge VRTX Switch Modules versions 2.0.0.77 and older, update to a version newer than 2.0.0.77 to resolve the issue.
As a temporary workaround, consider restricting access to the affected endpoints to minimize the risk of exploitation.
Exploit
Fix
Information Disclosure
Found an issue in the description? Have something to add? Feel free to write us 👾
Weakness Enumeration
Related Identifiers
Affected Products
Dell Emc Networking Pc5500
Dell Networking X-Series
Dell Emc Poweredge Vrtx Switch Module