Dell: Security Vulnerabilities
Dell EMC Isilon OneFS versions 8.2.2 and earlier and Dell EMC PowerScale version 9.0.0 contain a file permissions vulnerability. An attacker, with network or local file access, could take advantage of insufficiently applied file permissions or gain unauthorized access to files.
CVSS Score
8.0
EPSS Score
0.003
Published
2020-07-06
Dell EMC PowerStore versions prior to 1.0.1.0.5.002 contain a vulnerability that exposes test interface ports to external network. A remote unauthenticated attacker could potentially cause Denial of Service via test interface ports which are not used during run time environment.
CVSS Score
8.6
EPSS Score
0.007
Published
2020-07-06
Dell EMC Data Protection Advisor 6.4, 6.5 and 18.1 contain an OS command injection vulnerability. A remote authenticated malicious user may exploit this vulnerability to execute arbitrary commands on the affected system.
CVSS Score
8.8
EPSS Score
0.055
Published
2020-07-06
Dell PowerProtect Data Manager (PPDM) versions prior to 19.4 and Dell PowerProtect X400 versions prior to 3.2 contain an improper authorization vulnerability. A remote authenticated malicious user may download any file from the affected PowerProtect virtual machines.
CVSS Score
7.7
EPSS Score
0.002
Published
2020-07-06
Dell EMC VxRail versions 4.7.410 and 4.7.411 contain an improper authentication vulnerability. A remote unauthenticated attacker may exploit this vulnerability to obtain sensitive information in an encrypted form.
CVSS Score
9.8
EPSS Score
0.006
Published
2020-07-06
Dell EMC Unisphere for PowerMax versions prior to 9.1.0.17, Dell EMC Unisphere for PowerMax Virtual Appliance versions prior to 9.1.0.17, and PowerMax OS Release 5978 contain an authorization bypass vulnerability. An authenticated malicious user may potentially execute commands to alter or stop database statistics.
CVSS Score
6.4
EPSS Score
0.005
Published
2020-06-23
Dell EMC Unisphere for PowerMax versions prior to 9.1.0.17, Dell EMC Unisphere for PowerMax Virtual Appliance versions prior to 9.1.0.17, and PowerMax OS Release 5978 contain an improper certificate validation vulnerability. An unauthenticated remote attacker may potentially exploit this vulnerability to carry out a man-in-the-middle attack by supplying a crafted certificate and intercepting the victim's traffic to view or modify a victim's data in transit.
CVSS Score
7.4
EPSS Score
0.003
Published
2020-06-23
CVE-2020-11899
The Treck TCP/IP stack before 6.0.1.66 has an IPv6 Out-of-bounds Read.
Known exploited
CVSS Score
5.4
EPSS Score
0.417
Published
2020-06-17
Dell Encryption versions prior to 10.7 and Dell Endpoint Security Suite versions prior to 2.7 contain a privilege escalation vulnerability due to incorrect permissions. A local malicious user with low privileges could potentially exploit this vulnerability to gain elevated privilege on the affected system with the help of a symbolic link.
CVSS Score
6.7
EPSS Score
0.0
Published
2020-06-15
Select Dell Client Consumer and Commercial platforms include an issue that allows the BIOS Admin password to be changed through Dell's manageability interface without knowledge of the current BIOS Admin password. This could potentially allow an unauthorized actor, with physical access and/or OS administrator privileges to the device, to gain privileged access to the platform and the hard drive.
CVSS Score
8.6
EPSS Score
0.0
Published
2020-06-10