CVE-2020-5328: Missing Authentication for Critical Function in Dell Isilon OneFS

Severity: 9.8 CRITICAL (NVD)
EPSS: 0.4% (top 39.85%)
CISA KEV: Not in KEV
Exploit: No known exploits
Timeline: Published Mar 6; Latest update May 24

Description

Dell EMC Isilon OneFS versions prior to 8.2.0 contain an unauthorized access vulnerability due to a lack of thorough authorization checks when SyncIQ is licensed, but encrypted syncs are not marked as required. When this happens, loss of control of the cluster can occur.

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Exploitability: 3.9 | Impact: 5.9

Affected Packages: 2 packages

CVEListV5 | dell/isilon_onefs | unspecified | 8.2.0

Vulnerability Details: 2

GHSA: GHSA-974p-hcqc-3w9p: Dell EMC Isilon OneFS versions prior to 8 (2022-05-24)
CVEList: CVE-2020-5328: Dell EMC Isilon OneFS versions prior to 8 (2020-03-06)