Detections
Analytics

EMC Data Protection Advisor 6.4 / 6.5 / 18.1 OS Command Injection (DSA-2020-081)

high Nessus Plugin ID 138601

Language:

Synopsis

An application installed on the remote host is affected by an OS command injection vulnerability.

Description

The version of EMC Protection Advisor installed on the remote host is 6.4, 6.5 or 18.1. It is, therefore, affected by an OS command injection vulnerability. An authenticated, remote attacker can exploit this to execute arbitrary commands on the affected system.

Solution

Upgrade EMC Protection Advisor to version 18.2, 19.1, 19.2 or later.

See Also

http://www.nessus.org/u?ac26bb32

Plugin Details

Severity: High

ID: 138601

File Name: emc_dpa_dsa-2020-081.nasl

Version: 1.3

Type: remote

Family: Misc.

Published: 7/17/2020

Updated: 9/5/2022

Supported Sensors: Nessus

Risk Information

VPR

Risk Factor: Medium

Score: 5.9

CVSS v2

Risk Factor: High

Base Score: 9

Temporal Score: 6.7

Vector: CVSS2#AV:N/AC:L/Au:S/C:C/I:C/A:C

CVSS Score Source: CVE-2020-5352

CVSS v3

Risk Factor: High

Base Score: 8.8

Temporal Score: 7.7

Vector: CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Temporal Vector: CVSS:3.0/E:U/RL:O/RC:C

Vulnerability Information

CPE: cpe:/a:emc:data_protection_advisor

Required KB Items: installed_sw/EMC Data Protection Advisor

Exploit Ease: No known exploits are available

Patch Publication Date: 4/9/2020

Vulnerability Publication Date: 4/9/2020

Reference Information

CVE: CVE-2020-5352

IAVB: 2020-B-0038-S