Vulnerability Description
Dell EMC OpenManage Server Administrator (OMSA) versions 9.4 and prior contain multiple path traversal vulnerabilities. An unauthenticated remote attacker could potentially exploit these vulnerabilities by sending a crafted Web API request containing directory traversal character sequences to gain file system access on the compromised management station.
CVSS Score
CRITICAL
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Dell | Emc Openmanage Server Administrator | <= 9.4 |
Related Weaknesses (CWE)
References
- http://packetstormsecurity.com/files/162110/Dell-OpenManage-Server-AdministratorExploitThird Party AdvisoryVDB Entry
- https://www.dell.com/support/article/en-us/sln322304/dsa-2020-172-dell-emc-openmVendor Advisory
- http://packetstormsecurity.com/files/162110/Dell-OpenManage-Server-AdministratorExploitThird Party AdvisoryVDB Entry
- https://www.dell.com/support/article/en-us/sln322304/dsa-2020-172-dell-emc-openmVendor Advisory
FAQ
What is CVE-2020-5377?
CVE-2020-5377 is a vulnerability with a CVSS score of 9.1 (CRITICAL). Dell EMC OpenManage Server Administrator (OMSA) versions 9.4 and prior contain multiple path traversal vulnerabilities. An unauthenticated remote attacker could potentially exploit these vulnerabiliti...
How severe is CVE-2020-5377?
CVE-2020-5377 has been rated CRITICAL with a CVSS base score of 9.1/10. This is considered a critical vulnerability requiring immediate attention.
Is there a patch for CVE-2020-5377?
Check the references section above for vendor advisories and patch information. Affected products include: Dell Emc Openmanage Server Administrator.