Description: This vulnerability allows arbitrary file read with system-level permissions on Dell OpenManage Server Administrator (OMSA) <9.5.
Versions Affected: <9.5
Researcher: David Yesland (https://twitter.com/daveysec)
Disclosure Link: https://rhinosecuritylabs.com/research/cve-2020-5377-dell-openmanage-server-administrator-file-read/
NIST CVE Link: https://nvd.nist.gov/vuln/detail/CVE-2020-5377
NIST CVE Link: https://nvd.nist.gov/vuln/detail/CVE-2021-21514
Dell disclosure Link: https://www.dell.com/support/kbdoc/en-us/000183670/dsa-2021-040-dell-emc-openmanage-server-administrator-omsa-security-update-for-multiple-vulnerabilities
Dell disclosure Link: https://www.dell.com/support/kbdoc/en-us/000176967/dsa-2020-172-dell-emc-openmanage-server-administrator-omsa-path-traversal-vulnerability
This exploit uses a known authentication bypass to obtain a valid session cookie for the web management interface of OMSA. It then uses an arbitrary file read API endpoint to read files from the server.
Usage: CVE-2020-5377.py <yourIP> <targetIP>:<targetPort>
This opens an interactive prompt from which files on the server can be read.