VYPR
← All advisories
Unrated severityNVD Advisory· Published Jan 5, 2021· Updated Sep 16, 2024

CVE-2020-29489

CVE-2020-29489

Description

Dell EMC Unity, Unity XT, and UnityVSA versions prior to 5.0.4.0.5.012 contains a plain-text password storage vulnerability. A user credentials (including the Unisphere admin privilege user) password is stored in a plain text in a system file. A local authenticated attacker with access to the system files may use the exposed password to gain access with the privileges of the compromised user.

AI Insight

LLM-synthesized narrative grounded in this CVE's description and references.

Dell EMC Unity, Unity XT, and UnityVSA prior to 5.0.4.0.5.012 store user passwords in plain text in a system file, allowing local authenticated attackers to escalate privileges.

Vulnerability

Dell EMC Unity, Unity XT, and UnityVSA versions prior to 5.0.4.0.5.012 contain a plain-text password storage vulnerability. User credentials, including the Unisphere admin privilege user password, are stored in plain text in a system file. This affects all configurations where the system file is accessible to local users [1].

Exploitation

An attacker must have local authenticated access to the affected system and the ability to read the system file where the password is stored. No additional privileges or user interaction are required beyond standard file read permissions. The attacker can then extract the plain-text password from the file [1].

Impact

Successful exploitation allows the attacker to obtain the credentials of the compromised user, including the Unisphere admin user. This can lead to unauthorized access with the same privileges as that user, potentially resulting in full administrative control over the storage system [1].

Mitigation

Dell EMC released a fix in version 5.0.4.0.5.012 and later. Users should upgrade to this version or a subsequent release. No workarounds are documented; the only mitigation is to apply the update [1].

References
  1. DSA-2020-276: Dell EMC Unity Security Update for Multiple Vulnerabilities

AI Insight generated on May 26, 2026. Synthesized from this CVE's description and the cited reference URLs; citations are validated against the source bundle.

Affected products

4
  • Dell/Unity XTllm-fuzzy2 versions
    <5.0.4.0.5.012+ 1 more
    • (no CPE)range: <5.0.4.0.5.012
    • (no CPE)range: unspecified
  • Sift/Unityllm-fuzzy
    Range: <5.0.4.0.5.012
  • Dell/UnityVSAllm-fuzzy
    Range: <5.0.4.0.5.012

Patches

0

No patches discovered yet.

Vulnerability mechanics

AI mechanics synthesis has not run for this CVE yet.

References

1

News mentions

0

No linked articles in our index yet.