CVE-2020-26181: Improper Privilege Management in Dell PowerScale OneFS

Severity: 7.8 HIGH (NVD); 7.0 (CNA)
EPSS: 0.0% (top 88.72%)
CISA KEV: Not in KEV
Exploit: No known exploits
Timeline: Published Jan 5; latest update May 24

Description

Dell EMC Isilon OneFS versions 8.1 and later and Dell EMC PowerScale OneFS version 9.0.0 contain a privilege escalation vulnerability on a SmartLock Compliance mode cluster. The compadmin user connecting using ISI PRIV LOGIN SSH or ISI PRIV LOGIN CONSOLE can elevate privileges to the root user if they have ISI PRIV HARDENING privileges.

CVSS vector

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Exploitability: 1.8 | Impact: 5.9

Affected Packages (3 packages)

CVEListV5 | dell/powerscale_onefs | unspecified | 8.1.2, 8.2.2, 9.0+

Vulnerability Details (2)

GHSA | GHSA-6qqx-5fph-qx4j: Dell EMC Isilon OneFS versions 8 | 2022-05-24
CVEList | CVE-2020-26181: Dell EMC Isilon OneFS versions 8 | 2021-01-05