CVE-2020-5330: Dell Networking Security Update for an Information Disclosure Vulnerability

Dell Identifier: DSA-2020-042

CVE Identifier: CVE-2020-5330

Severity: High

Severity Rating: 8.1 (AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H)

Affected Products:

Dell X-Series firmware versions 3.0.1.2 and older

Dell PC5500 firmware versions 4.1.0.22 and older

Dell VRTX Switches firmware versions 2.0.0.77 and older

Summary:

Dell X-Series, PC5500 series and VRTX Switch Modules require mitigation for a security vulnerability that could be exploited by malicious users to compromise the affected system. This security advisory has been updated to include the resolution for Dell X-Series, Dell PC5500 Series and VRTX Series Switches.

Details:

Information Disclosure Vulnerability

Dell X-Series firmware versions 3.0.1.2 and older, Dell PC5500 firmware versions 4.1.0.22 and older and VRTX Switch Modules firmware versions 2.0.0.77 and older contain an information disclosure vulnerability. A remote unauthenticated attacker could exploit this vulnerability to retrieve sensitive data by sending a specially crafted request to the affected endpoints.

Resolution:

The following Dell Networking releases contain resolutions to these vulnerabilities:

VRTX Series Switches:
R1-2210: http://www.dell.com/support/home/Drivers/DriversDetails?driverId=W4W2D
R1-2401: http://www.dell.com/support/home/Drivers/DriversDetails?driverId=MD36K

Dell PC5500 Series:
PC5500 Series: http://www.dell.com/support/home/Drivers/DriversDetails?driverId=VP09H

Dell Networking X-Series:
X1000: http://www.dell.com/support/home/Drivers/DriversDetails?driverId=V41TF
X4012: http://www.dell.com/support/home/Drivers/DriversDetails?driverId=NYWYR

Dell recommends all customers upgrade at the earliest opportunity.
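To find which switches in an inventory still fall in the affected ranges listed under Affected Products, the following added example (not part of the Dell advisory) compares firmware versions numerically against the advisory's thresholds. It assumes firmware versions are dotted numeric strings; the family labels, status names, hostnames and sample versions are constructed for illustration.

```python
import re

# Last affected firmware per family, from the advisory's "Affected Products"
# list ("<version> and older"). Family labels are this example's own.
LAST_AFFECTED = {
    "X-Series": (3, 0, 1, 2),
    "PC5500": (4, 1, 0, 22),
    "VRTX": (2, 0, 0, 77),
}

def parse_version(text):
    """Turn '3.0.1.2' into (3, 0, 1, 2); raise ValueError on anything else."""
    text = text.strip()
    if not re.fullmatch(r"\d+(\.\d+)*", text):
        raise ValueError(f"unparseable firmware version: {text!r}")
    return tuple(int(part) for part in text.split("."))

def _pad(version, length):
    # Treat missing trailing components as zero, so 2.0.1 == 2.0.1.0.
    return version + (0,) * (length - len(version))

def status(family, version):
    """Return 'affected', 'newer' or 'unknown' for one device."""
    last = LAST_AFFECTED.get(family)
    if last is None:
        return "unknown"  # family not covered by this advisory
    try:
        parsed = parse_version(version)
    except ValueError:
        return "unknown"  # needs a manual check on the device
    width = max(len(parsed), len(last))
    # Numeric comparison: 4.1.0.9 is older than 4.1.0.22, unlike a string sort.
    return "affected" if _pad(parsed, width) <= _pad(last, width) else "newer"

def triage(inventory):
    """Map hostname -> status for (hostname, family, version) rows."""
    return {host: status(family, ver) for host, family, ver in inventory}

# Constructed sample inventory (hostnames and versions are made up).
SAMPLE = [
    ("sw-lab-01", "X-Series", "3.0.1.2"),
    ("sw-lab-02", "X-Series", "3.0.1.8"),
    ("sw-core-01", "PC5500", "4.1.0.9"),
    ("sw-blade-01", "VRTX", "2.0.1"),
    ("sw-blade-02", "VRTX", "n/a"),
]

if __name__ == "__main__":
    for host, state in triage(SAMPLE).items():
        print(f"{host:12} {state}")
```

Devices reported as "unknown" should be checked by hand rather than assumed safe.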

Credit:

Dell would like to thank Ken Pyle for reporting this vulnerability.

Severity Rating:

For an explanation of Severity Ratings, refer to Dell Vulnerability Response Policy. Dell recommends all customers take into account both the base score and any relevant temporal and environmental scores which may impact the potential severity associated with a particular security vulnerability.

Legal Information:

Read and use the information in this Dell Security Advisory to assist in avoiding any situation that might arise from the problems described herein. Dell distributes Dell Security Advisories, in order to bring to the attention of users of the affected Dell , important security information.

Dell recommends that all users determine the applicability of this information to their individual situations and take appropriate action. The information set forth herein is provided “as is” without warranty of any kind. Dell disclaims all warranties, either express or implied, including the warranties of merchantability, fitness for a particular purpose, title and non-infringement. In no event, shall Dell or its suppliers, be liable for any damages whatsoever including direct, indirect, incidental, consequential, loss of business profits or special damages, even if Dell or its suppliers have been advised of the possibility of such damages. Some states do not allow the exclusion or limitation of liability for consequential or incidental damages, so the foregoing limitation may not apply.

Article ID: SLN320366

Last Date Modified: 05/05/2020 12:02 PM