CVE-2020-26191: Improper Privilege Management in Dell PowerScale OneFS

Severity
7.8 HIGH (NVD)
EPSS
0.0%
top 84.84%
CISA KEV
Not in KEV
Exploit
No known exploits
Timeline
Published: Feb 9
Latest update: May 24

Description

Dell EMC PowerScale OneFS versions 8.1.0 - 9.1.0 contain a privilege escalation vulnerability. A user with ISI_PRIV_JOB_ENGINE may use the PermissionRepair job to grant themselves the highest level of RBAC privileges, thus being able to read arbitrary data, tamper with system software, or deny service to users.

CVSS vector

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
Exploitability: 1.8 | Impact: 5.9

Affected Packages (2 packages)

CVEListV5: dell/powerscale_onefs, unspecified, 8.1.2, 8.2.2, 9.1.0+
NVD: dell/emc_powerscale_onefs, 8 versions +7

Vulnerability Details (2)

GHSA
GHSA-qjvv-qc9h-394h: Dell EMC PowerScale OneFS versions 8 (2022-05-24)
CVEList
CVE-2020-26191: Dell EMC PowerScale OneFS versions 8 (2021-02-09)
CVE-2020-26191 — Improper Privilege Management in Dell | cvebase