PT-2020-18421 · Dell Emc · Dell Emc Integrated Data Protection Appliance

Published: 2020-04-15 · Updated: 2020-04-23 · CVE-2020-5350

CVSS v2.0: 9.0 (High)

Vector: AV:N/AC:L/Au:S/C:C/I:C/A:C

Name of the Vulnerable Software and Affected Versions: Dell EMC Integrated Data Protection Appliance versions 2.0 through 2.4

Description: The issue concerns a command injection vulnerability in the ACM component. A remote authenticated malicious user with root privileges could inject parameters in the ACM component APIs, potentially leading to manipulation of passwords and execution of malicious commands on the ACM component.

Recommendations: For versions 2.0 through 2.4, consider restricting access to the ACM component APIs to prevent parameter injection until a patch is available. As a temporary workaround, limit the privileges of remote authenticated users to minimize the risk of exploitation. Avoid using the ACM component until the issue is resolved. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

OS Command Injection

Weakness Enumeration

Related Identifiers: CVE-2020-5350

Affected Products: Dell Emc Integrated Data Protection Appliance