CVE-2020-5330

moderate-risk

Published 2020-04-10

Dell EMC Networking X-Series firmware versions 3.0.1.2 and older, Dell EMC Networking PC5500 firmware versions 4.1.0.22 and older and Dell EMC PowerEdge VRTX Switch Modules firmware versions 2.0.0.77 and older contain an information disclosure vulnerability. A remote unauthenticated attacker could exploit this vulnerability to retrieve sensitive data by sending a specially crafted request to the affected endpoints.

Do I need to act?

17.2% chance of exploitation in next 30 days

EPSS score — higher than 83% of all CVEs

Not on CISA KEV list

No confirmed active exploitation reported to CISA

1 public exploit available

51248

Patch status unknown

Check vendor advisories for fix availability and mitigation guidance

CVSS 8.1/10 High

NETWORK / HIGH complexity

Affected Products (5)

R1-2210 Firmware

R1-2401 Firmware

Pc5500 Firmware

X1000 Firmware

X4012 Firmware

Affected Vendors

Dell

References (4)

Exploit http://packetstormsecurity.com/files/171723/Cisco-Dell-Netgear-Information-Discl...

Vendor Advisory https://www.dell.com/support/article/en-us/sln320366/dsa-2020-042-dell-emc-netwo...

Exploit http://packetstormsecurity.com/files/171723/Cisco-Dell-Netgear-Information-Discl...

Vendor Advisory https://www.dell.com/support/article/en-us/sln320366/dsa-2020-042-dell-emc-netwo...

/ 100

moderate-risk

Severity 24/34 · High

Exploitability 13/34 · Low

Exposure 12/34 · Low