CVE-2020-26196Incorrect Permission Assignment in Dell Powerscale Onefs

CWE-732Incorrect Permission Assignment3 documents3 sources
Severity
5.5MEDIUMNVD
EPSS
0.0%
top 85.57%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
2
Dell Powerscale OnefsDell EMC Powerscale Onefs
Timeline
PublishedFeb 9
Latest updateMay 24

Description

Dell EMC PowerScale OneFS versions 8.1.0-9.1.0 contain a Backup/Restore Privilege implementation issue. A user with the BackupAdmin role may potentially exploit this vulnerability resulting in the ability to write data outside of the intended file system location.

CVSS vector

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:NExploitability: 1.8 | Impact: 3.6

Affected Packages2 packages

CVEListV5dell/powerscale_onefsunspecified8.1.2, 8.2.1, 8.2.2, 9.0.0
NVDdell/emc_powerscale_onefs8 versions+7

🔴Vulnerability Details

2
GHSA
GHSA-5c78-cfx6-pmjr: Dell EMC PowerScale OneFS versions 82022-05-24
CVEList
CVE-2020-26196: Dell EMC PowerScale OneFS versions 82021-02-09
CVE-2020-26196 — Incorrect Permission Assignment | cvebase