CVE-2020-26180: Incorrect Default Permissions in Dell PowerScale OneFS

Severity: 8.8 HIGH (NVD); 6.3 (CNA)
EPSS: 0.3% (top 44.97%)
CISA KEV: Not in KEV
Exploit: No known exploits
Timeline
Published: Jul 28
Latest update: May 24

Description

Dell EMC Isilon OneFS supported versions 8.1 and later and Dell EMC PowerScale OneFS supported version 9.0.0 contain an access issue with the remotesupport user account. A remote malicious user with low privileges may gain access to data stored on the /ifs directory through most protocols.

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
Exploitability: 2.8 | Impact: 5.9

Affected Packages (3 packages)

CVEListV5 | dell/powerscale_onefs | unspecified | OneFS 8.1.2, 8.2.2, 9.0+

Vulnerability Details (2)

GHSA | GHSA-qxrq-2x5c-28pr: Dell EMC Isilon OneFS supported versions 8 | 2022-05-24
CVEList | CVE-2020-26180: Dell EMC Isilon OneFS supported versions 8 | 2021-07-28