Dell Isilon Onefs vulnerabilities
10 known vulnerabilities affecting dell/isilon_onefs.
Total CVEs
10
CISA KEV
0
Public exploits
0
Exploited in wild
0
Severity breakdown
CRITICAL1HIGH7MEDIUM2
Vulnerabilities
Page 1 of 1
CVE-2020-5355MEDIUMCVSS 4.3≥ unspecified, < 8.2.22022-10-21
CVE-2020-5355 [MEDIUM] CWE-276 CVE-2020-5355: The Dell Isilon OneFS versions 8.2.2 and earlier SSHD process improperly allows Transmission Control
The Dell Isilon OneFS versions 8.2.2 and earlier SSHD process improperly allows Transmission Control Protocol (TCP) and stream forwarding. This provides the remotesupport user and users with restricted shells more access than is intended.
cvelistv5nvd
CVE-2020-5353HIGHCVSS 8.8≥ unspecified, < All supported2021-07-29
CVE-2020-5353 [HIGH] CWE-276 CVE-2020-5353: The Dell Isilon OneFS versions 8.2.2 and earlier and Dell EMC PowerScale OneFS version 9.0.0 default
The Dell Isilon OneFS versions 8.2.2 and earlier and Dell EMC PowerScale OneFS version 9.0.0 default configuration for Network File System (NFS) allows access to an 'admin' home directory. An attacker may leverage a spoofed Unique Identifier (UID) over NFS to rewrite sensitive files to gain administrative access to the system.
cvelistv5nvd
CVE-2020-5369HIGHCVSS 8.8≥ unspecified, < 8.1.2, 8.2.2, 9.0.02020-09-02
CVE-2020-5369 [HIGH] CWE-732 CVE-2020-5369: Dell EMC Isilon OneFS versions 8.2.2 and earlier and Dell EMC PowerScale OneFS version 9.0.0 contain
Dell EMC Isilon OneFS versions 8.2.2 and earlier and Dell EMC PowerScale OneFS version 9.0.0 contain a privilege escalation vulnerability. An authenticated malicious user may exploit this vulnerability by using SyncIQ to gain unauthorized access to system management files.
cvelistv5nvd
CVE-2020-5383MEDIUMCVSS 5.3≥ unspecified, < 9.0.0.0, 8.2.22020-08-27
CVE-2020-5383 [MEDIUM] CWE-119 CVE-2020-5383: Dell EMC Isilon OneFS version 8.2.2 and Dell EMC PowerScale OneFS version 9.0.0 contains a buffer ov
Dell EMC Isilon OneFS version 8.2.2 and Dell EMC PowerScale OneFS version 9.0.0 contains a buffer overflow vulnerability in the Likewise component. A remote unauthenticated malicious attacker may potentially exploit this vulnerability to cause a process restart.
cvelistv5nvd
CVE-2020-5371HIGHCVSS 8.8v8.1.2, 8.2.1, 8.2.22020-07-06
CVE-2020-5371 [HIGH] CWE-732 CVE-2020-5371: Dell EMC Isilon OneFS versions 8.2.2 and earlier and Dell EMC PowerScale version 9.0.0 contain a fil
Dell EMC Isilon OneFS versions 8.2.2 and earlier and Dell EMC PowerScale version 9.0.0 contain a file permissions vulnerability. An attacker, with network or local file access, could take advantage of insufficiently applied file permissions or gain unauthorized access to files.
cvelistv5nvd
CVE-2020-5364HIGHCVSS 7.5≥ unspecified, < 8.2.22020-05-20
CVE-2020-5364 [HIGH] CWE-201 CVE-2020-5364: Dell EMC Isilon OneFS versions 8.2.2 and earlier contain an SNMPv2 vulnerability. The SNMPv2 service
Dell EMC Isilon OneFS versions 8.2.2 and earlier contain an SNMPv2 vulnerability. The SNMPv2 services is enabled, by default, with a pre-configured community string. This community string allows read-only access to many aspects of the Isilon cluster, some of which are considered sensitive and can foster additional access.
cvelistv5nvd
CVE-2020-5365HIGHCVSS 7.5≥ unspecified, < 8.2.22020-05-20
CVE-2020-5365 [HIGH] CWE-341 CVE-2020-5365: Dell EMC Isilon versions 8.2.2 and earlier contain a remotesupport vulnerability. The pre-configured
Dell EMC Isilon versions 8.2.2 and earlier contain a remotesupport vulnerability. The pre-configured support account, remotesupport, is bundled in the Dell EMC Isilon OneFS installation. This account is used for diagnostics and other support functions. Although the default password is different for every cluster, it is predictable.
cvelistv5nvd
CVE-2020-5347HIGHCVSS 7.5≥ unspecified, < 8.2.22020-04-04
CVE-2020-5347 [HIGH] CWE-400 CVE-2020-5347: Dell EMC Isilon OneFS versions 8.2.2 and earlier contain a denial of service vulnerability. SmartCon
Dell EMC Isilon OneFS versions 8.2.2 and earlier contain a denial of service vulnerability. SmartConnect had an error condition that may be triggered to loop, using CPU and potentially preventing other SmartConnect DNS responses.
cvelistv5nvd
CVE-2020-5328CRITICALCVSS 9.8≥ unspecified, < 8.2.02020-03-06
CVE-2020-5328 [CRITICAL] CWE-306 CVE-2020-5328: Dell EMC Isilon OneFS versions prior to 8.2.0 contain an unauthorized access vulnerability due to a
Dell EMC Isilon OneFS versions prior to 8.2.0 contain an unauthorized access vulnerability due to a lack of thorough authorization checks when SyncIQ is licensed, but encrypted syncs are not marked as required. When this happens, loss of control of the cluster can occur.
cvelistv5nvd
CVE-2020-5318HIGHCVSS 7.5v8.1.2, 8.1.0.4, 8.1.0.3, 8.0.0.72020-02-06
CVE-2020-5318 [HIGH] CWE-285 CVE-2020-5318: Dell EMC Isilon OneFS versions 8.1.2, 8.1.0.4, 8.1.0.3, and 8.0.0.7 contain a vulnerability in some
Dell EMC Isilon OneFS versions 8.1.2, 8.1.0.4, 8.1.0.3, and 8.0.0.7 contain a vulnerability in some configurations. An attacker may exploit this vulnerability to gain access to restricted files. The non-RAN HTTP and WebDAV file-serving components have a vulnerability wherein when either are enabled, and Basic Authentication is enabled for either or both
cvelistv5nvd