PT-2020-18422 · Dell Emc · Dell Emc Data Protection Advisor

Published

2020-07-06

Updated

2020-07-13

CVE-2020-5352

CVSS v2.0

9.0

High

Vector

AV:N/AC:L/Au:S/C:C/I:C/A:C

Name of the Vulnerable Software and Affected Versions Dell EMC Data Protection Advisor versions 6.4 through 6.5 Dell EMC Data Protection Advisor version 18.1

Description The issue allows a remote authenticated malicious user to execute arbitrary commands on the affected system due to an OS command injection vulnerability.

Recommendations For versions 6.4 and 6.5, update to a version that contains a fix for this issue. For version 18.1, update to a version that contains a fix for this issue. As a temporary workaround, consider restricting access to the system to minimize the risk of exploitation.

Fix

OS Command Injection

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-78

Related Identifiers

CVE-2020-5352

Affected Products

Dell Emc Data Protection Advisor

PT-2020-18422 · Dell Emc · Dell Emc Data Protection Advisor

CVE-2020-5352

Weakness Enumeration

Related Identifiers

Affected Products

References · 4