CVE-2020-35170 : What You Need to Know

Dell EMC Unisphere for PowerMax versions prior to 9.1.0.9, Dell EMC Unisphere for PowerMax versions prior to 9.0.2.16, and Dell EMC PowerMax OS 5978.221.221 and 5978.479.479 contain a Cross-Site Scripting (XSS) vulnerability that could be exploited by authenticated malicious users.

Understanding CVE-2020-35170

This CVE involves a Cross-Site Scripting vulnerability in Dell EMC Unisphere for PowerMax and PowerMax OS.

What is CVE-2020-35170?

The vulnerability allows authenticated malicious users to inject JavaScript code, potentially impacting other authenticated users' sessions.

The Impact of CVE-2020-35170

The vulnerability has a CVSS base score of 6.3, indicating a medium severity level. It poses a risk of unauthorized access and manipulation of user sessions.

Technical Details of CVE-2020-35170

This section provides detailed technical information about the CVE.

Vulnerability Description

The vulnerability stems from improper neutralization of input during web page generation, leading to Cross-Site Scripting (XSS) attacks.

Affected Systems and Versions

Product: Unisphere for PowerMax
Vendor: Dell
Affected Versions:
Unspecified version prior to 9.1.0.24

Exploitation Mechanism

Attack Complexity: Low
Attack Vector: Network
Privileges Required: Low
User Interaction: None
Scope: Unchanged
Confidentiality, Integrity, and Availability Impact: Low

Mitigation and Prevention

Protect your systems from CVE-2020-35170 with these mitigation strategies.

Immediate Steps to Take

Update Dell EMC Unisphere for PowerMax to version 9.1.0.9 or higher.
Implement strict session management controls.
Monitor and restrict user input to prevent XSS attacks.

Long-Term Security Practices

Conduct regular security training for users on identifying and avoiding phishing attempts.
Employ web application firewalls to filter and block malicious traffic.

Patching and Updates

Stay informed about security updates from Dell EMC.
Apply patches promptly to address known vulnerabilities.