CVE-2020-29490

Vulnerability

CVE-2020-29490 is a Denial of Service (DoS) vulnerability in Dell EMC Unity, Unity XT, and UnityVSA versions prior to 5.0.4.0.5.012. The flaw exists on NAS Servers that have NFS exports configured. A remote, unauthenticated attacker can exploit this by sending specially crafted UDP requests, which causes a Storage Processor Panic, leading to a denial of service [1].

Exploitation

An attacker can exploit this vulnerability remotely over the network by sending maliciously crafted UDP packets to an affected NAS Server that has NFS exports enabled. The attack requires no authentication and no user interaction, and can be performed from a remote network position to trigger the DoS condition [1].

Impact

Successful exploitation results in a Denial of Service (DoS) due to a Storage Processor Panic, causing system unavailability and potential data inaccessibility. The impact is limited to availability; confidentiality and integrity are not affected. The CVSS v3.1 base score for this vulnerability is 7.5 (High) [1].

Mitigation

Dell Technologies has released a security update to address this vulnerability. The fix is included in Dell EMC Unity, Unity XT, and UnityVSA version 5.0.4.0.5.012 and later. Users should apply the update as soon as possible. There are no known workarounds, and the vendor recommends upgrading to the fixed version [1].