CVE-2020-26197Inadequate Encryption Strength in Dell Powerscale Onefs

CWE-326Inadequate Encryption StrengthCWE-319Cleartext Transmission of Sensitive Info3 documents3 sources
Severity
9.1CRITICALNVD
CNA7.5
EPSS
0.1%
top 67.58%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
2
Dell Powerscale OnefsDell EMC Powerscale Onefs
Timeline
PublishedApr 20
Latest updateMay 24

Description

Dell PowerScale OneFS 8.1.0 - 9.1.0 contains an LDAP Provider inability to connect over TLSv1.2 vulnerability. It may make it easier to eavesdrop and decrypt such traffic for a malicious actor. Note: This does not affect clusters which are not relying on an LDAP server for the authentication provider.

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:NExploitability: 3.9 | Impact: 5.2

Affected Packages2 packages

CVEListV5dell/powerscale_onefs8.1.0-9.1.0
NVDdell/emc_powerscale_onefs4 versions+3

🔴Vulnerability Details

2
GHSA
GHSA-q4f7-2q7h-48w2: Dell PowerScale OneFS 82022-05-24
CVEList
CVE-2020-26197: Dell PowerScale OneFS 82021-04-20
CVE-2020-26197 — Inadequate Encryption Strength in Dell | cvebase