CVE-2020-29503

Vulnerability

Dell EMC PowerStore versions prior to 1.0.3.0.5.0xx contain a file permission vulnerability. The issue exists in the file system where certain system directories have misconfigured permissions, allowing a locally authenticated attacker to access and disclose sensitive information. The official description and reference [1] confirm that the vulnerability is present in all PowerStore environments (both T and X) for the affected versions.

Exploitation

To exploit this vulnerability, an attacker must have local access to the PowerStore system with a valid user account (low-privileged authentication is sufficient). No additional user interaction or network access is required beyond local authentication. The attacker can then browse the file system or use standard commands to read files in the affected directories, as the permissions are incorrectly set to allow read access to authenticated users.

Impact

Successful exploitation leads to the disclosure of sensitive information contained in certain system directories. This is a Confidentiality impact only; there is no direct Integrity or Availability impact. The disclosed information could include system configuration files, internal state, or other sensitive data that could aid further attacks. The CVSSv3 base score is not explicitly provided for this CVE, but the advisory notes a "High" severity level.

Mitigation

The vulnerability is fixed in Dell EMC PowerStore version 1.0.3.0.5.007 and later releases [1]. Administrators should upgrade to this version or a subsequent release as soon as possible. No workarounds are documented. If the system cannot be patched immediately, restrict local access to trusted administrators only and monitor for unauthorized access attempts.