CVE-2020-29490

Dell EMC Unity, Unity XT, and UnityVSA versions prior to 5.0.4.0.5.012 contain a Denial of Service vulnerability on NAS Servers with NFS exports. A remote authenticated attacker could potentially exploit this vulnerability and cause Denial of Service (Storage Processor Panic) by sending specially crafted UDP requests.

CVSS v3 6.5 MEDIUM
CVSS v2.0 4.0 MEDIUM

6.5^/10

CVSS v3 : MEDIUM

Vector :

Exploitability : 2.8 / Impact : 3.6

Attack Vector NETWORK

Attack Complexity LOW

Privileges Required LOW

User Interaction NONE

Confidentiality Impact NONE

Integrity Impact NONE

Availability Impact HIGH

Scope UNCHANGED

4.0^/10

CVSS v2.0 : MEDIUM

Vector : AV:N/AC:L/Au:S/C:N/I:N/A:P

Exploitability : 8.0 / Impact : 2.9

Access Vector NETWORK

Access Complexity LOW

Authentication SINGLE

Confidentiality Impact NONE

Integrity Impact NONE

Availability Impact PARTIAL

References

Link	Resource
https://www.dell.com/support/kbdoc/000181248	Vendor Advisory

Configurations

Configuration 1 (hide)

OR	cpe:2.3:a:dell:emc_unity_operating_environment::::::::
	cpe:2.3:a:dell:emc_unity_vsa_operating_environment::::::::
	cpe:2.3:a:dell:emc_unity_xt_operating_environment::::::::

History

12 Jan 2021, 15:01

Type	Values Removed	Values Added
References	~~(MISC) https://www.dell.com/support/kbdoc/000181248 -~~	(MISC) https://www.dell.com/support/kbdoc/000181248 - Vendor Advisory
CPE		cpe:2.3:a:dell:emc_unity_vsa_operating_environment:::::::: cpe:2.3:a:dell:emc_unity_xt_operating_environment:::::::: cpe:2.3:a:dell:emc_unity_operating_environment::::::::
CWE		CWE-400
CVSS	v2 : ~~unknown~~ v3 : ~~unknown~~	v2 : 4.0 v3 : 6.5

05 Jan 2021, 22:15

Type	Values Removed	Values Added
New CVE

Information

Published : 2021-01-05 22:15

Updated : 2023-12-10 13:41

NVD link : CVE-2020-29490

Mitre link : CVE-2020-29490

CVE.ORG link : CVE-2020-29490

JSON object : View

Products Affected

dell

emc_unity_xt_operating_environment
emc_unity_vsa_operating_environment
emc_unity_operating_environment

CWE

CWE-400

Uncontrolled Resource Consumption

{"id": "CVE-2020-29490", "metrics": {"cvssMetricV2": [{"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"version": "2.0", "baseScore": 4.0, "accessVector": "NETWORK", "vectorString": "AV:N/AC:L/Au:S/C:N/I:N/A:P", "authentication": "SINGLE", "integrityImpact": "NONE", "accessComplexity": "LOW", "availabilityImpact": "PARTIAL", "confidentialityImpact": "NONE"}, "acInsufInfo": false, "impactScore": 2.9, "baseSeverity": "MEDIUM", "obtainAllPrivilege": false, "exploitabilityScore": 8.0, "obtainUserPrivilege": false, "obtainOtherPrivilege": false, "userInteractionRequired": false}], "cvssMetricV31": [{"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 6.5, "attackVector": "NETWORK", "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", "integrityImpact": "NONE", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "HIGH", "privilegesRequired": "LOW", "confidentialityImpact": "NONE"}, "impactScore": 3.6, "exploitabilityScore": 2.8}, {"type": "Secondary", "source": "security_alert@emc.com", "cvssData": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 7.5, "attackVector": "NETWORK", "baseSeverity": "HIGH", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "integrityImpact": "NONE", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "HIGH", "privilegesRequired": "NONE", "confidentialityImpact": "NONE"}, "impactScore": 3.6, "exploitabilityScore": 3.9}]}, "published": "2021-01-05T22:15:13.937", "references": [{"url": "https://www.dell.com/support/kbdoc/000181248", "tags": ["Vendor Advisory"], "source": "security_alert@emc.com"}], "vulnStatus": "Analyzed", "weaknesses": [{"type": "Primary", "source": "nvd@nist.gov", "description": [{"lang": "en", "value": "CWE-400"}]}, {"type": "Secondary", "source": "security_alert@emc.com", "description": [{"lang": "en", "value": "CWE-400"}]}], "descriptions": [{"lang": "en", "value": "Dell EMC Unity, Unity XT, and UnityVSA versions prior to 5.0.4.0.5.012 contain a Denial of Service vulnerability on NAS Servers with NFS exports. A remote authenticated attacker could potentially exploit this vulnerability and cause Denial of Service (Storage Processor Panic) by sending specially crafted UDP requests."}, {"lang": "es", "value": "Las versiones de Dell EMC Unity, Unity XT y UnityVSA versiones anteriores a 5.0.4.0.5.012, contienen una vulnerabilidad de Denegaci\u00f3n de Servicio en Servidores NAS con exportaciones NFS. Un atacante autenticado remoto podr\u00eda potencialmente explotar esta vulnerabilidad y causar una Denegaci\u00f3n de Servicio (P\u00e1nico en el Procesador de Almacenamiento) mediante el env\u00edo de peticiones UDP especialmente dise\u00f1adas"}], "lastModified": "2021-01-12T15:01:17.257", "configurations": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:a:dell:emc_unity_operating_environment:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "169B99ED-A85F-4121-AAA7-39892537615B", "versionEndExcluding": "5.0.4.0.5.012"}, {"criteria": "cpe:2.3:a:dell:emc_unity_vsa_operating_environment:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "1D769A28-9818-4264-8A6D-04AB8B82DE76", "versionEndExcluding": "5.0.4.0.5.012"}, {"criteria": "cpe:2.3:a:dell:emc_unity_xt_operating_environment:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "86AB432A-FAF3-4B9C-B15C-DCBF68C77EB5", "versionEndExcluding": "5.0.4.0.5.012"}], "operator": "OR"}]}], "sourceIdentifier": "security_alert@emc.com"}