CVE-2020-5377

CRITICAL

Dell EMC OpenManage Server Administrator < 9.4 - Unauthenticated Path Traversal via Web API Request


Exploitation Summary

EIP tracks 3 public exploits for CVE-2020-5377. PoCs published by Rhino Security Labs, und3sc0n0c1d0 and h3x0v3rl0rd.

AI-analyzed exploit summary

This exploit leverages a path traversal vulnerability in Dell OpenManage Server Administrator (OMSA) versions <= 9.4 to achieve arbitrary file read. It bypasses authentication by impersonating a Dell OMSA remote system and then allows reading files via crafted API requests.

Description

Dell EMC OpenManage Server Administrator (OMSA) versions 9.4 and prior contain multiple path traversal vulnerabilities. An unauthenticated remote attacker could potentially exploit these vulnerabilities by sending a crafted Web API request containing directory traversal character sequences to gain file system access on the compromised management station.

Exploits (3)

exploitdb WORKING POC
by Rhino Security Labs · python · webapps · windows
https://www.exploit-db.com/exploits/49750

This exploit leverages a path traversal vulnerability in Dell OpenManage Server Administrator (OMSA) versions <= 9.4 to achieve arbitrary file read. It bypasses authentication by impersonating a Dell OMSA remote system and then allows reading files via crafted API requests.

Classification
Working Poc 95%
Attack Type
Info Leak
Complexity
Moderate
Reliability
Reliable
Target: Dell OpenManage Server Administrator (OMSA) <= 9.4
No auth needed
Prerequisites: Network access to the target OMSA instance · Python environment with required libraries (requests, urllib3)
devstral-2 · analyzed Feb 16, 2026
nomisec WORKING POC 2 stars
by und3sc0n0c1d0 · poc
https://github.com/und3sc0n0c1d0/AFR-in-OMSA

This repository contains a functional Python script that exploits arbitrary file read vulnerabilities in Dell OpenManage Server Administrator (OMSA) by leveraging authentication bypass and path traversal techniques. The script tests for multiple CVEs (CVE-2016-4004, CVE-2020-5377, CVE-2021-21514) and retrieves file contents from the target system.

Classification
Working Poc 95%
Attack Type
Info Leak
Complexity
Moderate
Reliability
Reliable
Target: Dell OpenManage Server Administrator (OMSA)
Auth required
Prerequisites: Network access to target OMSA instance · Valid credentials for authentication
devstral-2 · analyzed Feb 18, 2026
nomisec WORKING POC
by h3x0v3rl0rd · poc
https://github.com/h3x0v3rl0rd/CVE-2020-5377

This repository contains a functional exploit for CVE-2020-5377, an arbitrary file read vulnerability in Dell OpenManage Server Administrator. The exploit bypasses authentication and allows reading files from the target system by leveraging a path traversal vulnerability in the DownloadServlet endpoint.

Classification
Working Poc 95%
Attack Type
Info Leak
Complexity
Moderate
Reliability
Reliable
Target: Dell OpenManage Server Administrator (OMSA) 6.0.3
No auth needed
Prerequisites: Target system running vulnerable Dell OMSA version · Network access to the target system
devstral-2 · analyzed Feb 18, 2026

Scores

CVSS v3 9.1
EPSS 0.4833
EPSS Percentile 98.7%
Attack Vector NETWORK
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N

Details

CWE
CWE-22
Status published
Products (1)
dell/emc_openmanage_server_administrator < 9.4
Published Jul 28, 2020
Tracked Since Feb 18, 2026