CVE-2020-5350

HIGH

Dell EMC Integrated Data Protection Appliance 2.0-2.4 - Authenticated OS Command Injection in ACM Component

Title source: llm

Description

Dell EMC Integrated Data Protection Appliance versions 2.0, 2.1, 2.2, 2.3, 2.4 contain a command injection vulnerability in the ACM component. A remote authenticated malicious user with root privileges could inject parameters in the ACM component APIs that could lead to manipulation of passwords and execution of malicious commands on ACM component.

References (1)

Core 1

Core References

Vendor Advisory x_refsource_misc

https://www.dell.com/support/security/en-us/details/542518/DSA-2020-079-Dell-EMC-Integrated-Data-Protection-Appliance-Command-Injection-Vulnerability

Scores

CVSS v3 7.9

EPSS 0.0368

EPSS Percentile 88.1%

Attack Vector NETWORK

CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:C/C:H/I:L/A:H

Details

CWE

CWE-78

Status published

Products (5)

dell/emc_integrated_data_protection_appliance 2.0

dell/emc_integrated_data_protection_appliance 2.1

dell/emc_integrated_data_protection_appliance 2.2

dell/emc_integrated_data_protection_appliance 2.3

dell/emc_integrated_data_protection_appliance 2.4

Published Apr 15, 2020

Tracked Since Feb 18, 2026