CVE-2020-5364: Sensitive Info Insertion into Sent Data in Dell Isilon OneFS

Severity
NVD: 7.5 HIGH
CNA: 5.3
EPSS: 0.3% (top 50.62%)
CISA KEV: Not in KEV
Exploit: No known exploits
Timeline
Published: May 20
Latest update: May 24

Description

Dell EMC Isilon OneFS versions 8.2.2 and earlier contain an SNMPv2 vulnerability. The SNMPv2 service is enabled by default with a pre-configured community string. This community string allows read-only access to many aspects of the Isilon cluster, some of which are considered sensitive and can foster additional access.

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
Exploitability: 3.9 | Impact: 3.6

Affected Packages (2 packages)

CVEListV5 | dell/isilon_onefs | unspecified | 8.2.2

Vulnerability Details (2)

GHSA
GHSA-gmvp-mvgx-r28q: Dell EMC Isilon OneFS versions 8 (2022-05-24)
CVEList
CVE-2020-5364: Dell EMC Isilon OneFS versions 8 (2020-05-20)
CVE-2020-5364 — Sensitive Info Insertion into Sent Data | cvebase