CVE-2020-5365: Predictable from Observable State in Dell Isilon OneFS

Severity: 7.5 HIGH (NVD); 5.3 (CNA)
EPSS: 0.3% (top 50.62%)
CISA KEV: Not in KEV
Exploit: No known exploits
Timeline: Published May 20; latest update May 24

Description

Dell EMC Isilon versions 8.2.2 and earlier contain a remotesupport vulnerability. The pre-configured support account, remotesupport, is bundled in the Dell EMC Isilon OneFS installation. This account is used for diagnostics and other support functions. Although the default password is different for every cluster, it is predictable.

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
Exploitability: 3.9 | Impact: 3.6

Affected Packages (2 packages)

CVEListV5 | dell/isilon_onefs | unspecified | 8.2.2

🔴 Vulnerability Details (2)

GHSA: GHSA-f5h9-79w9-p3hq: Dell EMC Isilon versions 8 (2022-05-24)
CVEList: CVE-2020-5365: Dell EMC Isilon versions 8 (2020-05-20)

💬 Community (1)

Bugzilla: CVE-2020-13932 activemq: remote XSS in web console diagram plugin (2020-07-20)