Cybersecurity specialists reported the finding of dozens of vulnerabilities affecting Dell EMC Unity. According to the report, successful exploitation of these 55 flaws could lead to severe cybersecurity risks scenarios, not to mention that there are a few publicly available exploits.

Below is a brief description of some of the reported flaws, in addition to their tracking keys and scores according to the Common Vulnerability Scoring System (CVSS) scale.

CVE-2020-36229: A type confusion error in ldap_X509dn2bv when parsing X.509 DN in ad_keystring would allow remote threat actors sending specially crafted requests to crash it in a denial of service (DoS) condition.

This is a medium severity vulnerability and received a CVSS score of 6.5/10.

CVE-2020-17438: A boundary error while processing IP packets would allow malicious remote hackers to send specially crafted IP packets to the affected system, trigger an out-of-bounds write and thus executing arbitrary code.

This is a critical vulnerability with a CVSS score of 8.5/10.

CVE-2020-13987: A boundary condition in the uIP TCP/IP Stack component when calculating the checksums for IP packets in upper_layer_chksum in net/ipv4/uip.c would allow remote attackers sending specially crafted traffic to the system and trigger a DoS condition.

This vulnerability received a CVSS score of 6.5/10.

CVE-2020-13988: An integer overflow in the affected implementation would allow a remote threat actor to send a specially crafted IP packet and trigger a DoS condition.

This is a low severity flaw and received a CVSS score of 5.7/10.

CVE-2020-36221: An integer underflow within the serialNumberAndIssuerCheck() function in schema_init.c allows remote attackers to send specially crafted requests to the affected application, thus performing a DoS attack.

The flaw received a CVSS score of 6.5/10.

CVE-2020-36222: A reachable assertion in slapd in the saslAuthzTo validation allows remote hackers to send specially designed requests aiming to perform a DoS attack.

This is a medium severity vulnerability and received a CVSS score of 6.5/10.

CVE-2020-36223: A boundary error during the Values Return Filter control handling would allow remote hackers to send a specially crafted request to the slapd, performing a DoS condition.

The flaw received a CVSS score of 6.5/10.

CVE-2020-36224: The release of an invalid pointer when processing saslAuthzTo requests enables threat actors to send specially crafted requests and trigger DoS conditions.

The vulnerability received a CVSS score of 6.5/10.

CVE-2020-36225: A boundary error in the saslAuthzTo processing would allow remote attackers sending specially crafted requests to the slapd, triggering a DoS attack.   

This is a medium severity vulnerability and received a CVSS score of 6.5/10.

CVE-2020-36226: The improper management of internal resources within the application leading to a memch->bv_len miscalculation during saslAuthzTo processing would allow remote attackers sending specially crafted requests to the slapd and perform a DoS attack.

According to the report, the reported flaws reside in the following products and versions:

  • Dell EMC Unity XT Operating Environment (OE): before 5.1.2.0.5.007
  • Dell EMC UnityVSA Operating Environment (OE): before 5.1.2.0.5.007
  • Dell EMC Unity Operating Environment (OE): before 5.1.2.0.5.007

A full list of detected vulnerabilities is available at Dell official support platforms.

Most of these flaws could be remotely exploited by non-authenticated threat actors and there are at least three publicly available exploits, so users of affected implementations should install the official security patches as soon as possible.

To learn more about information security risks, malware variants, vulnerabilities and information technologies, feel free to access the International Institute of Cyber Security (IICS) websites.

The post 55 vulnerabilities patched in Dell EMC Unity. Check your servers for updates appeared first on Information Security Newspaper | Hacking News.

source

You May Also Like

Critical vulnerabilties in Open Design Alliance Drawings SDK affects 1,200 companies like Siemens, Microsoft, Bentley and Epic Games

Cybersecurity specialists reported the finding of multiple vulnerabilities in Drawings SDK, a…

Clients using Magento 1 e-commerce platform are getting hacked

In its latest security alert, Adobe asked users of the Magento 1…

3 critical vulnerabilities in XEN project allows to take control of host OS via VMs in x86 PV

Xen is a hypervisor that allows multiple computer operating systems to run…

How to download paid applications for free from Huawei AppGallery: New vulnerability found

Since then-U.S. President Donald Trump signed an executive order to apply restrictions…