1. Home
  2. Mapping Frameworks
  3. CVE Home
  4. Integrated Data Protection Appliance

CVE CVE-2020-5350 Mappings

Dell EMC Integrated Data Protection Appliance versions 2.0, 2.1, 2.2, 2.3, 2.4 contain a command injection vulnerability in the ACM component. A remote authenticated malicious user with root privileges could inject parameters in the ACM component APIs that could lead to manipulation of passwords and execution of malicious commands on ACM component.

Mappings

Capability ID Capability Description Mapping Type ATT&CK ID ATT&CK Name
CVE-2020-5350 Integrated Data Protection Appliance primary_impact T1059 Command and Scripting Interpreter
CVE-2020-5350 Integrated Data Protection Appliance secondary_impact T1098 Account Manipulation