CVE-2020-5377
Dell EMC OpenManage Server Administrator (OMSA) versions 9.4 and prior contain multiple path traversal vulnerabilities. An unauthenticated remote attacker could potentially exploit these vulnerabilities by sending a crafted Web API request containing directory traversal character sequences to gain file system access on the compromised management station.
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N
Affected products
Dell · Dell Open Manage Server Administrator
Public PoCs found — 4
github: github.com/und3sc0n0c1d0/AFR-in-OMSA (★ 2)
github: github.com/h3x0v3rl0rd/CVE-2020-5377 (★ 0)
cve_reference: packetstormsecurity.com/files/162110/Dell-OpenManage-Server-Administrator-9.4.0.0-File-Read.html (unverified)
exploitdb: www.exploit-db.com/exploits/49750 (unverified)
⚠ Public resources, to assess the exposure of systems you control or are authorized to test. Test only with authorization.