CVE-2020-5353 — Incorrect Default Permissions in Dell Isilon Onefs

CWE-276 — Incorrect Default Permissions4 documents4 sources

Severity

8.8HIGHNVD

EPSS

0.3%

top 43.49%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Dell Isilon Onefs Dell EMC Isilon Onefs Dell EMC Powerscale Onefs

Timeline

PublishedJul 29

Latest updateApr 13

Description

The Dell Isilon OneFS versions 8.2.2 and earlier and Dell EMC PowerScale OneFS version 9.0.0 default configuration for Network File System (NFS) allows access to an 'admin' home directory. An attacker may leverage a spoofed Unique Identifier (UID) over NFS to rewrite sensitive files to gain administrative access to the system.

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:HExploitability: 2.8 | Impact: 5.9

Affected Packages3 packages

▶CVEListV5dell/isilon_onefsunspecified — All supported

▶NVDdell/emc_isilon_onefs8.2.2

▶NVDdell/emc_powerscale_onefs9.0.0

Patches

Patch: support.emc.com ↗Patch: support.emc.com ↗

🔴Vulnerability Details

VulDB

Dell EMC Isilon OneFS/PowerScale OneFS NFS default permission (ID 542721 / WID-SEC-2026-1046)↗2026-04-13

▶

GHSA

GHSA-54h3-rfwf-3g76: The Dell Isilon OneFS versions 8↗2022-05-24

▶

CVEList

CVE-2020-5353: The Dell Isilon OneFS versions 8↗2021-07-29

▶