Search criteria
28 vulnerabilities found for emc_isilon_onefs by dell
CVE-2020-5355 (GCVE-0-2020-5355)
Vulnerability from nvd – Published: 2022-10-21 18:05 – Updated: 2025-05-07 15:55
VLAI?
Summary
The Dell Isilon OneFS versions 8.2.2 and earlier SSHD process improperly allows Transmission Control Protocol (TCP) and stream forwarding. This provides the remotesupport user and users with restricted shells more access than is intended.
Severity ?
4.3 (Medium)
CWE
- CWE-276 - Incorrect Default Permissions
Assigner
References
| URL | Tags | |
|---|---|---|
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Dell | Isilon OneFS |
Affected:
unspecified , < 8.2.2
(custom)
|
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-04T08:30:23.446Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://support.emc.com/kb/543561"
}
],
"title": "CVE Program Container"
},
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2020-5355",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-05-07T15:55:20.270821Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-05-07T15:55:32.107Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "Isilon OneFS",
"vendor": "Dell",
"versions": [
{
"lessThan": "8.2.2",
"status": "affected",
"version": "unspecified",
"versionType": "custom"
}
]
}
],
"datePublic": "2021-11-23T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "The Dell Isilon OneFS versions 8.2.2 and earlier SSHD process improperly allows Transmission Control Protocol (TCP) and stream forwarding. This provides the remotesupport user and users with restricted shells more access than is intended."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 4.3,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "NONE",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-276",
"description": "CWE-276: Incorrect Default Permissions",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2022-10-21T00:00:00.000Z",
"orgId": "c550e75a-17ff-4988-97f0-544cde3820fe",
"shortName": "dell"
},
"references": [
{
"url": "https://support.emc.com/kb/543561"
}
]
}
},
"cveMetadata": {
"assignerOrgId": "c550e75a-17ff-4988-97f0-544cde3820fe",
"assignerShortName": "dell",
"cveId": "CVE-2020-5355",
"datePublished": "2022-10-21T18:05:24.132Z",
"dateReserved": "2020-01-03T00:00:00.000Z",
"dateUpdated": "2025-05-07T15:55:32.107Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2020-5353 (GCVE-0-2020-5353)
Vulnerability from nvd – Published: 2021-07-29 15:55 – Updated: 2024-09-17 00:27
VLAI?
Summary
The Dell Isilon OneFS versions 8.2.2 and earlier and Dell EMC PowerScale OneFS version 9.0.0 default configuration for Network File System (NFS) allows access to an 'admin' home directory. An attacker may leverage a spoofed Unique Identifier (UID) over NFS to rewrite sensitive files to gain administrative access to the system.
Severity ?
8.8 (High)
CWE
- CWE-276 - Incorrect Default Permissions
Assigner
References
| URL | Tags | ||||
|---|---|---|---|---|---|
|
|||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Dell | Isilon OneFS |
Affected:
unspecified , < All supported
(custom)
|
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-04T08:30:23.439Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://support.emc.com/kb/542721"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "Isilon OneFS",
"vendor": "Dell",
"versions": [
{
"lessThan": "All supported",
"status": "affected",
"version": "unspecified",
"versionType": "custom"
}
]
}
],
"datePublic": "2020-04-09T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "The Dell Isilon OneFS versions 8.2.2 and earlier and Dell EMC PowerScale OneFS version 9.0.0 default configuration for Network File System (NFS) allows access to an \u0027admin\u0027 home directory. An attacker may leverage a spoofed Unique Identifier (UID) over NFS to rewrite sensitive files to gain administrative access to the system."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 8.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-276",
"description": "CWE-276: Incorrect Default Permissions",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2021-07-29T15:55:15",
"orgId": "c550e75a-17ff-4988-97f0-544cde3820fe",
"shortName": "dell"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://support.emc.com/kb/542721"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "secure@dell.com",
"DATE_PUBLIC": "2020-04-09",
"ID": "CVE-2020-5353",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Isilon OneFS",
"version": {
"version_data": [
{
"version_affected": "\u003c",
"version_value": "All supported"
}
]
}
}
]
},
"vendor_name": "Dell"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "The Dell Isilon OneFS versions 8.2.2 and earlier and Dell EMC PowerScale OneFS version 9.0.0 default configuration for Network File System (NFS) allows access to an \u0027admin\u0027 home directory. An attacker may leverage a spoofed Unique Identifier (UID) over NFS to rewrite sensitive files to gain administrative access to the system."
}
]
},
"impact": {
"cvss": {
"baseScore": 8.8,
"baseSeverity": "High",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-276: Incorrect Default Permissions"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://support.emc.com/kb/542721",
"refsource": "MISC",
"url": "https://support.emc.com/kb/542721"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "c550e75a-17ff-4988-97f0-544cde3820fe",
"assignerShortName": "dell",
"cveId": "CVE-2020-5353",
"datePublished": "2021-07-29T15:55:15.791310Z",
"dateReserved": "2020-01-03T00:00:00",
"dateUpdated": "2024-09-17T00:27:01.594Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2020-26180 (GCVE-0-2020-26180)
Vulnerability from nvd – Published: 2021-07-28 00:05 – Updated: 2024-09-17 02:36
VLAI?
Summary
Dell EMC Isilon OneFS supported versions 8.1 and later and Dell EMC PowerScale OneFS supported version 9.0.0 contain an access issue with the remotesupport user account. A remote malicious user with low privileges may gain access to data stored on the /ifs directory through most protocols.
Severity ?
6.3 (Medium)
CWE
- CWE-276 - Incorrect Default Permissions
Assigner
References
| URL | Tags | ||||
|---|---|---|---|---|---|
|
|||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Dell | PowerScale OneFS |
Affected:
unspecified , < OneFS 8.1.2, 8.2.2, 9.0+
(custom)
|
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-04T15:49:07.148Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://www.dell.com/support/security/en-us/details/546591/DSA-2020-225-Dell-EMC-Isilon-OneFS-and-Dell-EMC-PowerScale-OneFS-Security-Update-for-remotesuppor"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "PowerScale OneFS",
"vendor": "Dell",
"versions": [
{
"lessThan": "OneFS 8.1.2, 8.2.2, 9.0+",
"status": "affected",
"version": "unspecified",
"versionType": "custom"
}
]
}
],
"datePublic": "2020-10-01T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "Dell EMC Isilon OneFS supported versions 8.1 and later and Dell EMC PowerScale OneFS supported version 9.0.0 contain an access issue with the remotesupport user account. A remote malicious user with low privileges may gain access to data stored on the /ifs directory through most protocols."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "LOW",
"baseScore": 6.3,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-276",
"description": "CWE-276: Incorrect Default Permissions",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2021-07-28T00:05:12",
"orgId": "c550e75a-17ff-4988-97f0-544cde3820fe",
"shortName": "dell"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://www.dell.com/support/security/en-us/details/546591/DSA-2020-225-Dell-EMC-Isilon-OneFS-and-Dell-EMC-PowerScale-OneFS-Security-Update-for-remotesuppor"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "secure@dell.com",
"DATE_PUBLIC": "2020-10-01",
"ID": "CVE-2020-26180",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "PowerScale OneFS",
"version": {
"version_data": [
{
"version_affected": "\u003c",
"version_value": "OneFS 8.1.2, 8.2.2, 9.0+"
}
]
}
}
]
},
"vendor_name": "Dell"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Dell EMC Isilon OneFS supported versions 8.1 and later and Dell EMC PowerScale OneFS supported version 9.0.0 contain an access issue with the remotesupport user account. A remote malicious user with low privileges may gain access to data stored on the /ifs directory through most protocols."
}
]
},
"impact": {
"cvss": {
"baseScore": 6.3,
"baseSeverity": "Medium",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L",
"version": "3.1"
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-276: Incorrect Default Permissions"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://www.dell.com/support/security/en-us/details/546591/DSA-2020-225-Dell-EMC-Isilon-OneFS-and-Dell-EMC-PowerScale-OneFS-Security-Update-for-remotesuppor",
"refsource": "MISC",
"url": "https://www.dell.com/support/security/en-us/details/546591/DSA-2020-225-Dell-EMC-Isilon-OneFS-and-Dell-EMC-PowerScale-OneFS-Security-Update-for-remotesuppor"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "c550e75a-17ff-4988-97f0-544cde3820fe",
"assignerShortName": "dell",
"cveId": "CVE-2020-26180",
"datePublished": "2021-07-28T00:05:13.010485Z",
"dateReserved": "2020-09-30T00:00:00",
"dateUpdated": "2024-09-17T02:36:15.927Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2020-26181 (GCVE-0-2020-26181)
Vulnerability from nvd – Published: 2021-01-05 21:40 – Updated: 2024-09-16 18:12
VLAI?
Summary
Dell EMC Isilon OneFS versions 8.1 and later and Dell EMC PowerScale OneFS version 9.0.0 contain a privilege escalation vulnerability on a SmartLock Compliance mode cluster. The compadmin user connecting using ISI PRIV LOGIN SSH or ISI PRIV LOGIN CONSOLE can elevate privileges to the root user if they have ISI PRIV HARDENING privileges.
Severity ?
CWE
- CWE-269 - Improper Privilege Management
Assigner
References
| URL | Tags | ||||
|---|---|---|---|---|---|
|
|||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Dell | PowerScale OneFS |
Affected:
unspecified , < 8.1.2, 8.2.2, 9.0+
(custom)
|
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-04T15:49:07.244Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://www.dell.com/support/security/en-us/details/546720/DSA-2020-227-Dell-EMC-PowerScale-OneFS-and-Dell-EMC-Isilon-OneFS-Security-Update-for-SmartLock-Co"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "PowerScale OneFS",
"vendor": "Dell",
"versions": [
{
"lessThan": "8.1.2, 8.2.2, 9.0+",
"status": "affected",
"version": "unspecified",
"versionType": "custom"
}
]
}
],
"datePublic": "2020-11-11T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "Dell EMC Isilon OneFS versions 8.1 and later and Dell EMC PowerScale OneFS version 9.0.0 contain a privilege escalation vulnerability on a SmartLock Compliance mode cluster. The compadmin user connecting using ISI PRIV LOGIN SSH or ISI PRIV LOGIN CONSOLE can elevate privileges to the root user if they have ISI PRIV HARDENING privileges."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "HIGH",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 7,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-269",
"description": "CWE-269: Improper Privilege Management",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2021-01-05T21:40:21",
"orgId": "c550e75a-17ff-4988-97f0-544cde3820fe",
"shortName": "dell"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://www.dell.com/support/security/en-us/details/546720/DSA-2020-227-Dell-EMC-PowerScale-OneFS-and-Dell-EMC-Isilon-OneFS-Security-Update-for-SmartLock-Co"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "secure@dell.com",
"DATE_PUBLIC": "2020-11-11",
"ID": "CVE-2020-26181",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "PowerScale OneFS",
"version": {
"version_data": [
{
"version_affected": "\u003c",
"version_value": "8.1.2, 8.2.2, 9.0+"
}
]
}
}
]
},
"vendor_name": "Dell"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Dell EMC Isilon OneFS versions 8.1 and later and Dell EMC PowerScale OneFS version 9.0.0 contain a privilege escalation vulnerability on a SmartLock Compliance mode cluster. The compadmin user connecting using ISI PRIV LOGIN SSH or ISI PRIV LOGIN CONSOLE can elevate privileges to the root user if they have ISI PRIV HARDENING privileges."
}
]
},
"impact": {
"cvss": {
"baseScore": 7,
"baseSeverity": "High",
"vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-269: Improper Privilege Management"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://www.dell.com/support/security/en-us/details/546720/DSA-2020-227-Dell-EMC-PowerScale-OneFS-and-Dell-EMC-Isilon-OneFS-Security-Update-for-SmartLock-Co",
"refsource": "MISC",
"url": "https://www.dell.com/support/security/en-us/details/546720/DSA-2020-227-Dell-EMC-PowerScale-OneFS-and-Dell-EMC-Isilon-OneFS-Security-Update-for-SmartLock-Co"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "c550e75a-17ff-4988-97f0-544cde3820fe",
"assignerShortName": "dell",
"cveId": "CVE-2020-26181",
"datePublished": "2021-01-05T21:40:22.043302Z",
"dateReserved": "2020-09-30T00:00:00",
"dateUpdated": "2024-09-16T18:12:49.554Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2020-5369 (GCVE-0-2020-5369)
Vulnerability from nvd – Published: 2020-09-02 20:55 – Updated: 2024-09-16 19:46
VLAI?
Summary
Dell EMC Isilon OneFS versions 8.2.2 and earlier and Dell EMC PowerScale OneFS version 9.0.0 contain a privilege escalation vulnerability. An authenticated malicious user may exploit this vulnerability by using SyncIQ to gain unauthorized access to system management files.
Severity ?
8.8 (High)
CWE
- CWE-732 - Incorrect Permission Assignment for Critical Resource
Assigner
References
| URL | Tags | ||||
|---|---|---|---|---|---|
|
|||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Dell | Isilon OneFS |
Affected:
unspecified , < 8.1.2, 8.2.2, 9.0.0
(custom)
|
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-04T08:30:23.806Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://www.dell.com/support/security/en-us/details/546160/DSA-2020-142-Dell-EMC-Isilon-OneFS-and-Dell-EMC-PowerScale-OneFS-Security-Update-for-SyncIQ-Privi"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "Isilon OneFS",
"vendor": "Dell",
"versions": [
{
"lessThan": "8.1.2, 8.2.2, 9.0.0",
"status": "affected",
"version": "unspecified",
"versionType": "custom"
}
]
}
],
"datePublic": "2020-08-28T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "Dell EMC Isilon OneFS versions 8.2.2 and earlier and Dell EMC PowerScale OneFS version 9.0.0 contain a privilege escalation vulnerability. An authenticated malicious user may exploit this vulnerability by using SyncIQ to gain unauthorized access to system management files."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 8.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-732",
"description": "CWE-732: Incorrect Permission Assignment for Critical Resource",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2020-09-02T20:55:17",
"orgId": "c550e75a-17ff-4988-97f0-544cde3820fe",
"shortName": "dell"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://www.dell.com/support/security/en-us/details/546160/DSA-2020-142-Dell-EMC-Isilon-OneFS-and-Dell-EMC-PowerScale-OneFS-Security-Update-for-SyncIQ-Privi"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "secure@dell.com",
"DATE_PUBLIC": "2020-08-28",
"ID": "CVE-2020-5369",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Isilon OneFS",
"version": {
"version_data": [
{
"version_affected": "\u003c",
"version_value": "8.1.2, 8.2.2, 9.0.0"
}
]
}
}
]
},
"vendor_name": "Dell"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Dell EMC Isilon OneFS versions 8.2.2 and earlier and Dell EMC PowerScale OneFS version 9.0.0 contain a privilege escalation vulnerability. An authenticated malicious user may exploit this vulnerability by using SyncIQ to gain unauthorized access to system management files."
}
]
},
"impact": {
"cvss": {
"baseScore": 8.8,
"baseSeverity": "High",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-732: Incorrect Permission Assignment for Critical Resource"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://www.dell.com/support/security/en-us/details/546160/DSA-2020-142-Dell-EMC-Isilon-OneFS-and-Dell-EMC-PowerScale-OneFS-Security-Update-for-SyncIQ-Privi",
"refsource": "MISC",
"url": "https://www.dell.com/support/security/en-us/details/546160/DSA-2020-142-Dell-EMC-Isilon-OneFS-and-Dell-EMC-PowerScale-OneFS-Security-Update-for-SyncIQ-Privi"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "c550e75a-17ff-4988-97f0-544cde3820fe",
"assignerShortName": "dell",
"cveId": "CVE-2020-5369",
"datePublished": "2020-09-02T20:55:17.768175Z",
"dateReserved": "2020-01-03T00:00:00",
"dateUpdated": "2024-09-16T19:46:53.889Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2020-5371 (GCVE-0-2020-5371)
Vulnerability from nvd – Published: 2020-07-06 17:45 – Updated: 2024-09-16 19:52
VLAI?
Summary
Dell EMC Isilon OneFS versions 8.2.2 and earlier and Dell EMC PowerScale version 9.0.0 contain a file permissions vulnerability. An attacker, with network or local file access, could take advantage of insufficiently applied file permissions or gain unauthorized access to files.
Severity ?
CWE
- CWE-732 - Incorrect Permission Assignment for Critical Resource
Assigner
References
| URL | Tags | ||||
|---|---|---|---|---|---|
|
|||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Dell | Isilon OneFS |
Affected:
8.1.2, 8.2.1, 8.2.2
|
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-04T08:30:24.227Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://www.dell.com/support/security/en-us/details/544593/DSA-2020-155-Dell-EMC-Isilon-OneFS-and-Dell-EMC-PowerScale-Security-Update-for-a-Permissions-Vuln"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "Isilon OneFS",
"vendor": "Dell",
"versions": [
{
"status": "affected",
"version": "8.1.2, 8.2.1, 8.2.2"
}
]
}
],
"datePublic": "2020-06-18T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "Dell EMC Isilon OneFS versions 8.2.2 and earlier and Dell EMC PowerScale version 9.0.0 contain a file permissions vulnerability. An attacker, with network or local file access, could take advantage of insufficiently applied file permissions or gain unauthorized access to files."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-732",
"description": "CWE-732: Incorrect Permission Assignment for Critical Resource",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2020-07-06T17:45:18",
"orgId": "c550e75a-17ff-4988-97f0-544cde3820fe",
"shortName": "dell"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://www.dell.com/support/security/en-us/details/544593/DSA-2020-155-Dell-EMC-Isilon-OneFS-and-Dell-EMC-PowerScale-Security-Update-for-a-Permissions-Vuln"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "secure@dell.com",
"DATE_PUBLIC": "2020-06-18",
"ID": "CVE-2020-5371",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Isilon OneFS",
"version": {
"version_data": [
{
"version_affected": "=",
"version_value": "8.1.2, 8.2.1, 8.2.2"
}
]
}
}
]
},
"vendor_name": "Dell"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Dell EMC Isilon OneFS versions 8.2.2 and earlier and Dell EMC PowerScale version 9.0.0 contain a file permissions vulnerability. An attacker, with network or local file access, could take advantage of insufficiently applied file permissions or gain unauthorized access to files."
}
]
},
"impact": {
"cvss": {
"baseScore": 8,
"baseSeverity": "High",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H",
"version": "3.1"
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-732: Incorrect Permission Assignment for Critical Resource"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://www.dell.com/support/security/en-us/details/544593/DSA-2020-155-Dell-EMC-Isilon-OneFS-and-Dell-EMC-PowerScale-Security-Update-for-a-Permissions-Vuln",
"refsource": "MISC",
"url": "https://www.dell.com/support/security/en-us/details/544593/DSA-2020-155-Dell-EMC-Isilon-OneFS-and-Dell-EMC-PowerScale-Security-Update-for-a-Permissions-Vuln"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "c550e75a-17ff-4988-97f0-544cde3820fe",
"assignerShortName": "dell",
"cveId": "CVE-2020-5371",
"datePublished": "2020-07-06T17:45:18.792486Z",
"dateReserved": "2020-01-03T00:00:00",
"dateUpdated": "2024-09-16T19:52:24.613Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2020-5365 (GCVE-0-2020-5365)
Vulnerability from nvd – Published: 2020-05-20 20:45 – Updated: 2024-09-16 17:17
VLAI?
Summary
Dell EMC Isilon versions 8.2.2 and earlier contain a remotesupport vulnerability. The pre-configured support account, remotesupport, is bundled in the Dell EMC Isilon OneFS installation. This account is used for diagnostics and other support functions. Although the default password is different for every cluster, it is predictable.
Severity ?
5.3 (Medium)
CWE
- CWE-341 - Predictable from Observable State
Assigner
References
| URL | Tags | ||||
|---|---|---|---|---|---|
|
|||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Dell | Isilon OneFS |
Affected:
unspecified , < 8.2.2
(custom)
|
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-04T08:30:23.432Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://www.dell.com/support/security/en-us/details/543775/DSA-2020-124-Dell-EMC-Isilon-OneFS-Security-Update-for-Multiple-Vulnerabilities"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "Isilon OneFS",
"vendor": "Dell",
"versions": [
{
"lessThan": "8.2.2",
"status": "affected",
"version": "unspecified",
"versionType": "custom"
}
]
}
],
"datePublic": "2020-05-15T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "Dell EMC Isilon versions 8.2.2 and earlier contain a remotesupport vulnerability. The pre-configured support account, remotesupport, is bundled in the Dell EMC Isilon OneFS installation. This account is used for diagnostics and other support functions. Although the default password is different for every cluster, it is predictable."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "LOW",
"baseScore": 5.3,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-341",
"description": "CWE-341: Predictable from Observable State",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2020-05-20T20:45:18",
"orgId": "c550e75a-17ff-4988-97f0-544cde3820fe",
"shortName": "dell"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://www.dell.com/support/security/en-us/details/543775/DSA-2020-124-Dell-EMC-Isilon-OneFS-Security-Update-for-Multiple-Vulnerabilities"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "secure@dell.com",
"DATE_PUBLIC": "2020-05-15",
"ID": "CVE-2020-5365",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Isilon OneFS",
"version": {
"version_data": [
{
"version_affected": "\u003c",
"version_value": "8.2.2"
}
]
}
}
]
},
"vendor_name": "Dell"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Dell EMC Isilon versions 8.2.2 and earlier contain a remotesupport vulnerability. The pre-configured support account, remotesupport, is bundled in the Dell EMC Isilon OneFS installation. This account is used for diagnostics and other support functions. Although the default password is different for every cluster, it is predictable."
}
]
},
"impact": {
"cvss": {
"baseScore": 5.3,
"baseSeverity": "Medium",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L",
"version": "3.1"
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-341: Predictable from Observable State"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://www.dell.com/support/security/en-us/details/543775/DSA-2020-124-Dell-EMC-Isilon-OneFS-Security-Update-for-Multiple-Vulnerabilities",
"refsource": "MISC",
"url": "https://www.dell.com/support/security/en-us/details/543775/DSA-2020-124-Dell-EMC-Isilon-OneFS-Security-Update-for-Multiple-Vulnerabilities"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "c550e75a-17ff-4988-97f0-544cde3820fe",
"assignerShortName": "dell",
"cveId": "CVE-2020-5365",
"datePublished": "2020-05-20T20:45:18.564948Z",
"dateReserved": "2020-01-03T00:00:00",
"dateUpdated": "2024-09-16T17:17:39.870Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2020-5364 (GCVE-0-2020-5364)
Vulnerability from nvd – Published: 2020-05-20 20:45 – Updated: 2024-09-16 19:10
VLAI?
Summary
Dell EMC Isilon OneFS versions 8.2.2 and earlier contain an SNMPv2 vulnerability. The SNMPv2 services is enabled, by default, with a pre-configured community string. This community string allows read-only access to many aspects of the Isilon cluster, some of which are considered sensitive and can foster additional access.
Severity ?
5.3 (Medium)
CWE
- CWE-201 - Exposure of Sensitive Information Through Sent Data
Assigner
References
| URL | Tags | ||||
|---|---|---|---|---|---|
|
|||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Dell | Isilon OneFS |
Affected:
unspecified , < 8.2.2
(custom)
|
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-04T08:30:23.683Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://www.dell.com/support/security/en-us/details/543775/DSA-2020-124-Dell-EMC-Isilon-OneFS-Security-Update-for-Multiple-Vulnerabilities"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "Isilon OneFS",
"vendor": "Dell",
"versions": [
{
"lessThan": "8.2.2",
"status": "affected",
"version": "unspecified",
"versionType": "custom"
}
]
}
],
"datePublic": "2020-05-15T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "Dell EMC Isilon OneFS versions 8.2.2 and earlier contain an SNMPv2 vulnerability. The SNMPv2 services is enabled, by default, with a pre-configured community string. This community string allows read-only access to many aspects of the Isilon cluster, some of which are considered sensitive and can foster additional access."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "LOW",
"baseScore": 5.3,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-201",
"description": "CWE-201: Exposure of Sensitive Information Through Sent Data",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2020-05-20T20:45:18",
"orgId": "c550e75a-17ff-4988-97f0-544cde3820fe",
"shortName": "dell"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://www.dell.com/support/security/en-us/details/543775/DSA-2020-124-Dell-EMC-Isilon-OneFS-Security-Update-for-Multiple-Vulnerabilities"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "secure@dell.com",
"DATE_PUBLIC": "2020-05-15",
"ID": "CVE-2020-5364",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Isilon OneFS",
"version": {
"version_data": [
{
"version_affected": "\u003c",
"version_value": "8.2.2"
}
]
}
}
]
},
"vendor_name": "Dell"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Dell EMC Isilon OneFS versions 8.2.2 and earlier contain an SNMPv2 vulnerability. The SNMPv2 services is enabled, by default, with a pre-configured community string. This community string allows read-only access to many aspects of the Isilon cluster, some of which are considered sensitive and can foster additional access."
}
]
},
"impact": {
"cvss": {
"baseScore": 5.3,
"baseSeverity": "Medium",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L",
"version": "3.1"
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-201: Exposure of Sensitive Information Through Sent Data"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://www.dell.com/support/security/en-us/details/543775/DSA-2020-124-Dell-EMC-Isilon-OneFS-Security-Update-for-Multiple-Vulnerabilities",
"refsource": "MISC",
"url": "https://www.dell.com/support/security/en-us/details/543775/DSA-2020-124-Dell-EMC-Isilon-OneFS-Security-Update-for-Multiple-Vulnerabilities"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "c550e75a-17ff-4988-97f0-544cde3820fe",
"assignerShortName": "dell",
"cveId": "CVE-2020-5364",
"datePublished": "2020-05-20T20:45:18.127497Z",
"dateReserved": "2020-01-03T00:00:00",
"dateUpdated": "2024-09-16T19:10:16.543Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2020-5347 (GCVE-0-2020-5347)
Vulnerability from nvd – Published: 2020-04-03 23:20 – Updated: 2024-09-16 18:28
VLAI?
Summary
Dell EMC Isilon OneFS versions 8.2.2 and earlier contain a denial of service vulnerability. SmartConnect had an error condition that may be triggered to loop, using CPU and potentially preventing other SmartConnect DNS responses.
Severity ?
5.3 (Medium)
CWE
- CWE-400 - Uncontrolled Resource Consumption
Assigner
References
| URL | Tags | ||||
|---|---|---|---|---|---|
|
|||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Dell | Isilon OneFS |
Affected:
unspecified , < 8.2.2
(custom)
|
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-04T08:30:23.308Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://www.dell.com/support/security/en-us/details/542190/DSA-2020-054-Dell-EMC-Isilon-OneFS-Security-Update-for-DNS-Protocol-Vulnerabilities"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "Isilon OneFS",
"vendor": "Dell",
"versions": [
{
"lessThan": "8.2.2",
"status": "affected",
"version": "unspecified",
"versionType": "custom"
}
]
}
],
"datePublic": "2020-03-20T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "Dell EMC Isilon OneFS versions 8.2.2 and earlier contain a denial of service vulnerability. SmartConnect had an error condition that may be triggered to loop, using CPU and potentially preventing other SmartConnect DNS responses."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "LOW",
"baseScore": 5.3,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-400",
"description": "CWE-400: Uncontrolled Resource Consumption",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2020-04-03T23:20:13",
"orgId": "c550e75a-17ff-4988-97f0-544cde3820fe",
"shortName": "dell"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://www.dell.com/support/security/en-us/details/542190/DSA-2020-054-Dell-EMC-Isilon-OneFS-Security-Update-for-DNS-Protocol-Vulnerabilities"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "secure@dell.com",
"DATE_PUBLIC": "2020-03-20",
"ID": "CVE-2020-5347",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Isilon OneFS",
"version": {
"version_data": [
{
"version_affected": "\u003c",
"version_value": "8.2.2"
}
]
}
}
]
},
"vendor_name": "Dell"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Dell EMC Isilon OneFS versions 8.2.2 and earlier contain a denial of service vulnerability. SmartConnect had an error condition that may be triggered to loop, using CPU and potentially preventing other SmartConnect DNS responses."
}
]
},
"impact": {
"cvss": {
"baseScore": 5.3,
"baseSeverity": "Medium",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L",
"version": "3.1"
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-400: Uncontrolled Resource Consumption"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://www.dell.com/support/security/en-us/details/542190/DSA-2020-054-Dell-EMC-Isilon-OneFS-Security-Update-for-DNS-Protocol-Vulnerabilities",
"refsource": "MISC",
"url": "https://www.dell.com/support/security/en-us/details/542190/DSA-2020-054-Dell-EMC-Isilon-OneFS-Security-Update-for-DNS-Protocol-Vulnerabilities"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "c550e75a-17ff-4988-97f0-544cde3820fe",
"assignerShortName": "dell",
"cveId": "CVE-2020-5347",
"datePublished": "2020-04-03T23:20:14.052775Z",
"dateReserved": "2020-01-03T00:00:00",
"dateUpdated": "2024-09-16T18:28:55.455Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2020-5328 (GCVE-0-2020-5328)
Vulnerability from nvd – Published: 2020-03-06 20:25 – Updated: 2024-09-16 18:29
VLAI?
Summary
Dell EMC Isilon OneFS versions prior to 8.2.0 contain an unauthorized access vulnerability due to a lack of thorough authorization checks when SyncIQ is licensed, but encrypted syncs are not marked as required. When this happens, loss of control of the cluster can occur.
Severity ?
9.8 (Critical)
CWE
- CWE-306 - Missing Authentication for Critical Function
Assigner
References
| URL | Tags | ||||
|---|---|---|---|---|---|
|
|||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Dell | Isilon OneFS |
Affected:
unspecified , < 8.2.0
(custom)
|
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-04T08:22:09.299Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://www.dell.com/support/security/en-us/details/541423/DSA-2020-039-Dell-EMC-Isilon-OneFS-Security-Update-for-a-SyncIQ-Vulnerability"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "Isilon OneFS",
"vendor": "Dell",
"versions": [
{
"lessThan": "8.2.0",
"status": "affected",
"version": "unspecified",
"versionType": "custom"
}
]
}
],
"datePublic": "2020-02-20T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "Dell EMC Isilon OneFS versions prior to 8.2.0 contain an unauthorized access vulnerability due to a lack of thorough authorization checks when SyncIQ is licensed, but encrypted syncs are not marked as required. When this happens, loss of control of the cluster can occur."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 9.8,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-306",
"description": "CWE-306: Missing Authentication for Critical Function",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2020-03-06T20:25:14",
"orgId": "c550e75a-17ff-4988-97f0-544cde3820fe",
"shortName": "dell"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://www.dell.com/support/security/en-us/details/541423/DSA-2020-039-Dell-EMC-Isilon-OneFS-Security-Update-for-a-SyncIQ-Vulnerability"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "secure@dell.com",
"DATE_PUBLIC": "2020-02-20",
"ID": "CVE-2020-5328",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Isilon OneFS",
"version": {
"version_data": [
{
"version_affected": "\u003c",
"version_value": "8.2.0"
}
]
}
}
]
},
"vendor_name": "Dell"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Dell EMC Isilon OneFS versions prior to 8.2.0 contain an unauthorized access vulnerability due to a lack of thorough authorization checks when SyncIQ is licensed, but encrypted syncs are not marked as required. When this happens, loss of control of the cluster can occur."
}
]
},
"impact": {
"cvss": {
"baseScore": 9.8,
"baseSeverity": "Critical",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-306: Missing Authentication for Critical Function"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://www.dell.com/support/security/en-us/details/541423/DSA-2020-039-Dell-EMC-Isilon-OneFS-Security-Update-for-a-SyncIQ-Vulnerability",
"refsource": "MISC",
"url": "https://www.dell.com/support/security/en-us/details/541423/DSA-2020-039-Dell-EMC-Isilon-OneFS-Security-Update-for-a-SyncIQ-Vulnerability"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "c550e75a-17ff-4988-97f0-544cde3820fe",
"assignerShortName": "dell",
"cveId": "CVE-2020-5328",
"datePublished": "2020-03-06T20:25:14.219804Z",
"dateReserved": "2020-01-03T00:00:00",
"dateUpdated": "2024-09-16T18:29:46.134Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2020-5318 (GCVE-0-2020-5318)
Vulnerability from nvd – Published: 2020-02-06 17:45 – Updated: 2024-09-16 20:32
VLAI?
Summary
Dell EMC Isilon OneFS versions 8.1.2, 8.1.0.4, 8.1.0.3, and 8.0.0.7 contain a vulnerability in some configurations. An attacker may exploit this vulnerability to gain access to restricted files. The non-RAN HTTP and WebDAV file-serving components have a vulnerability wherein when either are enabled, and Basic Authentication is enabled for either or both components, files are accessible without authentication.
Severity ?
7.5 (High)
CWE
- CWE-285 - Improper Authorization
Assigner
References
| URL | Tags | ||||
|---|---|---|---|---|---|
|
|||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Dell | Isilon OneFS |
Affected:
8.1.2, 8.1.0.4, 8.1.0.3, 8.0.0.7
|
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-04T08:22:09.254Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://www.dell.com/support/security/en-us/details/540708/DSA-2020-018-Dell-EMC-Isilon-OneFS-Security-Update-for-Improper-Authorization-Vulnerability"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "Isilon OneFS",
"vendor": "Dell",
"versions": [
{
"status": "affected",
"version": "8.1.2, 8.1.0.4, 8.1.0.3, 8.0.0.7"
}
]
}
],
"datePublic": "2020-01-29T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "Dell EMC Isilon OneFS versions 8.1.2, 8.1.0.4, 8.1.0.3, and 8.0.0.7 contain a vulnerability in some configurations. An attacker may exploit this vulnerability to gain access to restricted files. The non-RAN HTTP and WebDAV file-serving components have a vulnerability wherein when either are enabled, and Basic Authentication is enabled for either or both components, files are accessible without authentication."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-285",
"description": "CWE-285: Improper Authorization",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2020-02-06T17:45:21",
"orgId": "c550e75a-17ff-4988-97f0-544cde3820fe",
"shortName": "dell"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://www.dell.com/support/security/en-us/details/540708/DSA-2020-018-Dell-EMC-Isilon-OneFS-Security-Update-for-Improper-Authorization-Vulnerability"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "secure@dell.com",
"DATE_PUBLIC": "2020-01-29",
"ID": "CVE-2020-5318",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Isilon OneFS",
"version": {
"version_data": [
{
"version_affected": "=",
"version_value": "8.1.2, 8.1.0.4, 8.1.0.3, 8.0.0.7"
}
]
}
}
]
},
"vendor_name": "Dell"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Dell EMC Isilon OneFS versions 8.1.2, 8.1.0.4, 8.1.0.3, and 8.0.0.7 contain a vulnerability in some configurations. An attacker may exploit this vulnerability to gain access to restricted files. The non-RAN HTTP and WebDAV file-serving components have a vulnerability wherein when either are enabled, and Basic Authentication is enabled for either or both components, files are accessible without authentication."
}
]
},
"impact": {
"cvss": {
"baseScore": 7.5,
"baseSeverity": "High",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
"version": "3.1"
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-285: Improper Authorization"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://www.dell.com/support/security/en-us/details/540708/DSA-2020-018-Dell-EMC-Isilon-OneFS-Security-Update-for-Improper-Authorization-Vulnerability",
"refsource": "MISC",
"url": "https://www.dell.com/support/security/en-us/details/540708/DSA-2020-018-Dell-EMC-Isilon-OneFS-Security-Update-for-Improper-Authorization-Vulnerability"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "c550e75a-17ff-4988-97f0-544cde3820fe",
"assignerShortName": "dell",
"cveId": "CVE-2020-5318",
"datePublished": "2020-02-06T17:45:21.769450Z",
"dateReserved": "2020-01-03T00:00:00",
"dateUpdated": "2024-09-16T20:32:51.816Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2018-1213 (GCVE-0-2018-1213)
Vulnerability from nvd – Published: 2018-03-26 18:00 – Updated: 2024-09-16 22:52
VLAI?
Summary
Dell EMC Isilon OneFS versions between 8.1.0.0 - 8.1.0.1, 8.0.1.0 - 8.0.1.2, and 8.0.0.0 - 8.0.0.6, versions 7.2.1.x, and version 7.1.1.11 and 8.1.0.2 is affected by a cross-site request forgery vulnerability. A malicious user may potentially exploit this vulnerability to send unauthorized requests to the server on behalf of authenticated users of the application.
Severity ?
No CVSS data available.
CWE
- Cross-Site Request Forgery Vulnerability
Assigner
References
| URL | Tags | |||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
||||||||||||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Dell EMC | Isilon OneFS |
Affected:
versions between 8.1.0.0 - 8.1.0.1, 8.0.1.0 - 8.0.1.2, 8.0.0.0 - 8.0.0.6, versions 7.2.1.x, version 7.1.1.11 and 8.1.0.2
|
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-05T03:51:48.981Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "103033",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/103033"
},
{
"name": "20180319 DSA-2018-018: Dell EMC Isilon OneFS Multiple Vulnerabilities",
"tags": [
"mailing-list",
"x_refsource_FULLDISC",
"x_transferred"
],
"url": "http://seclists.org/fulldisclosure/2018/Mar/50"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://www.coresecurity.com/advisories/dell-emc-isilon-onefs-multiple-vulnerabilities"
},
{
"name": "44039",
"tags": [
"exploit",
"x_refsource_EXPLOIT-DB",
"x_transferred"
],
"url": "https://www.exploit-db.com/exploits/44039/"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "Isilon OneFS",
"vendor": "Dell EMC",
"versions": [
{
"status": "affected",
"version": "versions between 8.1.0.0 - 8.1.0.1, 8.0.1.0 - 8.0.1.2, 8.0.0.0 - 8.0.0.6, versions 7.2.1.x, version 7.1.1.11 and 8.1.0.2"
}
]
}
],
"datePublic": "2018-03-19T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "Dell EMC Isilon OneFS versions between 8.1.0.0 - 8.1.0.1, 8.0.1.0 - 8.0.1.2, and 8.0.0.0 - 8.0.0.6, versions 7.2.1.x, and version 7.1.1.11 and 8.1.0.2 is affected by a cross-site request forgery vulnerability. A malicious user may potentially exploit this vulnerability to send unauthorized requests to the server on behalf of authenticated users of the application."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "Cross-Site Request Forgery Vulnerability",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2018-03-27T15:57:02",
"orgId": "c550e75a-17ff-4988-97f0-544cde3820fe",
"shortName": "dell"
},
"references": [
{
"name": "103033",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/103033"
},
{
"name": "20180319 DSA-2018-018: Dell EMC Isilon OneFS Multiple Vulnerabilities",
"tags": [
"mailing-list",
"x_refsource_FULLDISC"
],
"url": "http://seclists.org/fulldisclosure/2018/Mar/50"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://www.coresecurity.com/advisories/dell-emc-isilon-onefs-multiple-vulnerabilities"
},
{
"name": "44039",
"tags": [
"exploit",
"x_refsource_EXPLOIT-DB"
],
"url": "https://www.exploit-db.com/exploits/44039/"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "security_alert@emc.com",
"DATE_PUBLIC": "2018-03-19T00:00:00",
"ID": "CVE-2018-1213",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Isilon OneFS",
"version": {
"version_data": [
{
"version_value": "versions between 8.1.0.0 - 8.1.0.1, 8.0.1.0 - 8.0.1.2, 8.0.0.0 - 8.0.0.6, versions 7.2.1.x, version 7.1.1.11 and 8.1.0.2"
}
]
}
}
]
},
"vendor_name": "Dell EMC"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Dell EMC Isilon OneFS versions between 8.1.0.0 - 8.1.0.1, 8.0.1.0 - 8.0.1.2, and 8.0.0.0 - 8.0.0.6, versions 7.2.1.x, and version 7.1.1.11 and 8.1.0.2 is affected by a cross-site request forgery vulnerability. A malicious user may potentially exploit this vulnerability to send unauthorized requests to the server on behalf of authenticated users of the application."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Cross-Site Request Forgery Vulnerability"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "103033",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/103033"
},
{
"name": "20180319 DSA-2018-018: Dell EMC Isilon OneFS Multiple Vulnerabilities",
"refsource": "FULLDISC",
"url": "http://seclists.org/fulldisclosure/2018/Mar/50"
},
{
"name": "https://www.coresecurity.com/advisories/dell-emc-isilon-onefs-multiple-vulnerabilities",
"refsource": "MISC",
"url": "https://www.coresecurity.com/advisories/dell-emc-isilon-onefs-multiple-vulnerabilities"
},
{
"name": "44039",
"refsource": "EXPLOIT-DB",
"url": "https://www.exploit-db.com/exploits/44039/"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "c550e75a-17ff-4988-97f0-544cde3820fe",
"assignerShortName": "dell",
"cveId": "CVE-2018-1213",
"datePublished": "2018-03-26T18:00:00Z",
"dateReserved": "2017-12-06T00:00:00",
"dateUpdated": "2024-09-16T22:52:02.700Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2018-1204 (GCVE-0-2018-1204)
Vulnerability from nvd – Published: 2018-03-26 18:00 – Updated: 2024-09-16 17:42
VLAI?
Summary
Dell EMC Isilon OneFS versions between 8.1.0.0 - 8.1.0.1, 8.0.1.0 - 8.0.1.2, and 8.0.0.0 - 8.0.0.6, versions 7.2.1.x, and version 7.1.1.11 is affected by a path traversal vulnerability in the isi_phone_home tool. A malicious compadmin may potentially exploit this vulnerability to execute arbitrary code with root privileges.
Severity ?
No CVSS data available.
CWE
- Path Traversal vulnerability
Assigner
References
| URL | Tags | |||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
||||||||||||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Dell EMC | Isilon OneFS |
Affected:
versions between 8.1.0.0 - 8.1.0.1, 8.0.1.0 - 8.0.1.2, 8.0.0.0 - 8.0.0.6, versions 7.2.1.x and version 7.1.1.11
|
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-05T03:51:49.011Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "103033",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/103033"
},
{
"name": "20180319 DSA-2018-018: Dell EMC Isilon OneFS Multiple Vulnerabilities",
"tags": [
"mailing-list",
"x_refsource_FULLDISC",
"x_transferred"
],
"url": "http://seclists.org/fulldisclosure/2018/Mar/50"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://www.coresecurity.com/advisories/dell-emc-isilon-onefs-multiple-vulnerabilities"
},
{
"name": "44039",
"tags": [
"exploit",
"x_refsource_EXPLOIT-DB",
"x_transferred"
],
"url": "https://www.exploit-db.com/exploits/44039/"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "Isilon OneFS",
"vendor": "Dell EMC",
"versions": [
{
"status": "affected",
"version": "versions between 8.1.0.0 - 8.1.0.1, 8.0.1.0 - 8.0.1.2, 8.0.0.0 - 8.0.0.6, versions 7.2.1.x and version 7.1.1.11"
}
]
}
],
"datePublic": "2018-03-19T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "Dell EMC Isilon OneFS versions between 8.1.0.0 - 8.1.0.1, 8.0.1.0 - 8.0.1.2, and 8.0.0.0 - 8.0.0.6, versions 7.2.1.x, and version 7.1.1.11 is affected by a path traversal vulnerability in the isi_phone_home tool. A malicious compadmin may potentially exploit this vulnerability to execute arbitrary code with root privileges."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "Path Traversal vulnerability",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2018-03-27T15:57:02",
"orgId": "c550e75a-17ff-4988-97f0-544cde3820fe",
"shortName": "dell"
},
"references": [
{
"name": "103033",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/103033"
},
{
"name": "20180319 DSA-2018-018: Dell EMC Isilon OneFS Multiple Vulnerabilities",
"tags": [
"mailing-list",
"x_refsource_FULLDISC"
],
"url": "http://seclists.org/fulldisclosure/2018/Mar/50"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://www.coresecurity.com/advisories/dell-emc-isilon-onefs-multiple-vulnerabilities"
},
{
"name": "44039",
"tags": [
"exploit",
"x_refsource_EXPLOIT-DB"
],
"url": "https://www.exploit-db.com/exploits/44039/"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "security_alert@emc.com",
"DATE_PUBLIC": "2018-03-19T00:00:00",
"ID": "CVE-2018-1204",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Isilon OneFS",
"version": {
"version_data": [
{
"version_value": "versions between 8.1.0.0 - 8.1.0.1, 8.0.1.0 - 8.0.1.2, 8.0.0.0 - 8.0.0.6, versions 7.2.1.x and version 7.1.1.11"
}
]
}
}
]
},
"vendor_name": "Dell EMC"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Dell EMC Isilon OneFS versions between 8.1.0.0 - 8.1.0.1, 8.0.1.0 - 8.0.1.2, and 8.0.0.0 - 8.0.0.6, versions 7.2.1.x, and version 7.1.1.11 is affected by a path traversal vulnerability in the isi_phone_home tool. A malicious compadmin may potentially exploit this vulnerability to execute arbitrary code with root privileges."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Path Traversal vulnerability"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "103033",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/103033"
},
{
"name": "20180319 DSA-2018-018: Dell EMC Isilon OneFS Multiple Vulnerabilities",
"refsource": "FULLDISC",
"url": "http://seclists.org/fulldisclosure/2018/Mar/50"
},
{
"name": "https://www.coresecurity.com/advisories/dell-emc-isilon-onefs-multiple-vulnerabilities",
"refsource": "MISC",
"url": "https://www.coresecurity.com/advisories/dell-emc-isilon-onefs-multiple-vulnerabilities"
},
{
"name": "44039",
"refsource": "EXPLOIT-DB",
"url": "https://www.exploit-db.com/exploits/44039/"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "c550e75a-17ff-4988-97f0-544cde3820fe",
"assignerShortName": "dell",
"cveId": "CVE-2018-1204",
"datePublished": "2018-03-26T18:00:00Z",
"dateReserved": "2017-12-06T00:00:00",
"dateUpdated": "2024-09-16T17:42:39.998Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2018-1203 (GCVE-0-2018-1203)
Vulnerability from nvd – Published: 2018-03-26 18:00 – Updated: 2024-09-16 19:20
VLAI?
Summary
In Dell EMC Isilon OneFS, the compadmin is able to run tcpdump binary with root privileges. In versions between 8.1.0.0 - 8.1.0.1, 8.0.1.0 - 8.0.1.2, and 8.0.0.0 - 8.0.0.6, the tcpdump binary, being run with sudo, may potentially be used by compadmin to execute arbitrary code with root privileges.
Severity ?
No CVSS data available.
CWE
- Incorrect Authorization vulnerability
Assigner
References
| URL | Tags | |||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
||||||||||||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Dell EMC | Isilon OneFS |
Affected:
versions between 8.1.0.0 - 8.1.0.1, 8.0.1.0 - 8.0.1.2, 8.0.0.0 - 8.0.0.6
|
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-05T03:51:49.081Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "103033",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/103033"
},
{
"name": "20180319 DSA-2018-018: Dell EMC Isilon OneFS Multiple Vulnerabilities",
"tags": [
"mailing-list",
"x_refsource_FULLDISC",
"x_transferred"
],
"url": "http://seclists.org/fulldisclosure/2018/Mar/50"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://www.coresecurity.com/advisories/dell-emc-isilon-onefs-multiple-vulnerabilities"
},
{
"name": "44039",
"tags": [
"exploit",
"x_refsource_EXPLOIT-DB",
"x_transferred"
],
"url": "https://www.exploit-db.com/exploits/44039/"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "Isilon OneFS",
"vendor": "Dell EMC",
"versions": [
{
"status": "affected",
"version": "versions between 8.1.0.0 - 8.1.0.1, 8.0.1.0 - 8.0.1.2, 8.0.0.0 - 8.0.0.6"
}
]
}
],
"datePublic": "2018-03-19T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "In Dell EMC Isilon OneFS, the compadmin is able to run tcpdump binary with root privileges. In versions between 8.1.0.0 - 8.1.0.1, 8.0.1.0 - 8.0.1.2, and 8.0.0.0 - 8.0.0.6, the tcpdump binary, being run with sudo, may potentially be used by compadmin to execute arbitrary code with root privileges."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "Incorrect Authorization vulnerability",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2018-03-27T15:57:02",
"orgId": "c550e75a-17ff-4988-97f0-544cde3820fe",
"shortName": "dell"
},
"references": [
{
"name": "103033",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/103033"
},
{
"name": "20180319 DSA-2018-018: Dell EMC Isilon OneFS Multiple Vulnerabilities",
"tags": [
"mailing-list",
"x_refsource_FULLDISC"
],
"url": "http://seclists.org/fulldisclosure/2018/Mar/50"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://www.coresecurity.com/advisories/dell-emc-isilon-onefs-multiple-vulnerabilities"
},
{
"name": "44039",
"tags": [
"exploit",
"x_refsource_EXPLOIT-DB"
],
"url": "https://www.exploit-db.com/exploits/44039/"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "security_alert@emc.com",
"DATE_PUBLIC": "2018-03-19T00:00:00",
"ID": "CVE-2018-1203",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Isilon OneFS",
"version": {
"version_data": [
{
"version_value": "versions between 8.1.0.0 - 8.1.0.1, 8.0.1.0 - 8.0.1.2, 8.0.0.0 - 8.0.0.6"
}
]
}
}
]
},
"vendor_name": "Dell EMC"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "In Dell EMC Isilon OneFS, the compadmin is able to run tcpdump binary with root privileges. In versions between 8.1.0.0 - 8.1.0.1, 8.0.1.0 - 8.0.1.2, and 8.0.0.0 - 8.0.0.6, the tcpdump binary, being run with sudo, may potentially be used by compadmin to execute arbitrary code with root privileges."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Incorrect Authorization vulnerability"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "103033",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/103033"
},
{
"name": "20180319 DSA-2018-018: Dell EMC Isilon OneFS Multiple Vulnerabilities",
"refsource": "FULLDISC",
"url": "http://seclists.org/fulldisclosure/2018/Mar/50"
},
{
"name": "https://www.coresecurity.com/advisories/dell-emc-isilon-onefs-multiple-vulnerabilities",
"refsource": "MISC",
"url": "https://www.coresecurity.com/advisories/dell-emc-isilon-onefs-multiple-vulnerabilities"
},
{
"name": "44039",
"refsource": "EXPLOIT-DB",
"url": "https://www.exploit-db.com/exploits/44039/"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "c550e75a-17ff-4988-97f0-544cde3820fe",
"assignerShortName": "dell",
"cveId": "CVE-2018-1203",
"datePublished": "2018-03-26T18:00:00Z",
"dateReserved": "2017-12-06T00:00:00",
"dateUpdated": "2024-09-16T19:20:35.231Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2020-5355 (GCVE-0-2020-5355)
Vulnerability from cvelistv5 – Published: 2022-10-21 18:05 – Updated: 2025-05-07 15:55
VLAI?
Summary
The Dell Isilon OneFS versions 8.2.2 and earlier SSHD process improperly allows Transmission Control Protocol (TCP) and stream forwarding. This provides the remotesupport user and users with restricted shells more access than is intended.
Severity ?
4.3 (Medium)
CWE
- CWE-276 - Incorrect Default Permissions
Assigner
References
| URL | Tags | |
|---|---|---|
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Dell | Isilon OneFS |
Affected:
unspecified , < 8.2.2
(custom)
|
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-04T08:30:23.446Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://support.emc.com/kb/543561"
}
],
"title": "CVE Program Container"
},
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2020-5355",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-05-07T15:55:20.270821Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-05-07T15:55:32.107Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "Isilon OneFS",
"vendor": "Dell",
"versions": [
{
"lessThan": "8.2.2",
"status": "affected",
"version": "unspecified",
"versionType": "custom"
}
]
}
],
"datePublic": "2021-11-23T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "The Dell Isilon OneFS versions 8.2.2 and earlier SSHD process improperly allows Transmission Control Protocol (TCP) and stream forwarding. This provides the remotesupport user and users with restricted shells more access than is intended."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 4.3,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "NONE",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-276",
"description": "CWE-276: Incorrect Default Permissions",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2022-10-21T00:00:00.000Z",
"orgId": "c550e75a-17ff-4988-97f0-544cde3820fe",
"shortName": "dell"
},
"references": [
{
"url": "https://support.emc.com/kb/543561"
}
]
}
},
"cveMetadata": {
"assignerOrgId": "c550e75a-17ff-4988-97f0-544cde3820fe",
"assignerShortName": "dell",
"cveId": "CVE-2020-5355",
"datePublished": "2022-10-21T18:05:24.132Z",
"dateReserved": "2020-01-03T00:00:00.000Z",
"dateUpdated": "2025-05-07T15:55:32.107Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2020-5353 (GCVE-0-2020-5353)
Vulnerability from cvelistv5 – Published: 2021-07-29 15:55 – Updated: 2024-09-17 00:27
VLAI?
Summary
The Dell Isilon OneFS versions 8.2.2 and earlier and Dell EMC PowerScale OneFS version 9.0.0 default configuration for Network File System (NFS) allows access to an 'admin' home directory. An attacker may leverage a spoofed Unique Identifier (UID) over NFS to rewrite sensitive files to gain administrative access to the system.
Severity ?
8.8 (High)
CWE
- CWE-276 - Incorrect Default Permissions
Assigner
References
| URL | Tags | ||||
|---|---|---|---|---|---|
|
|||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Dell | Isilon OneFS |
Affected:
unspecified , < All supported
(custom)
|
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-04T08:30:23.439Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://support.emc.com/kb/542721"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "Isilon OneFS",
"vendor": "Dell",
"versions": [
{
"lessThan": "All supported",
"status": "affected",
"version": "unspecified",
"versionType": "custom"
}
]
}
],
"datePublic": "2020-04-09T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "The Dell Isilon OneFS versions 8.2.2 and earlier and Dell EMC PowerScale OneFS version 9.0.0 default configuration for Network File System (NFS) allows access to an \u0027admin\u0027 home directory. An attacker may leverage a spoofed Unique Identifier (UID) over NFS to rewrite sensitive files to gain administrative access to the system."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 8.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-276",
"description": "CWE-276: Incorrect Default Permissions",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2021-07-29T15:55:15",
"orgId": "c550e75a-17ff-4988-97f0-544cde3820fe",
"shortName": "dell"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://support.emc.com/kb/542721"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "secure@dell.com",
"DATE_PUBLIC": "2020-04-09",
"ID": "CVE-2020-5353",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Isilon OneFS",
"version": {
"version_data": [
{
"version_affected": "\u003c",
"version_value": "All supported"
}
]
}
}
]
},
"vendor_name": "Dell"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "The Dell Isilon OneFS versions 8.2.2 and earlier and Dell EMC PowerScale OneFS version 9.0.0 default configuration for Network File System (NFS) allows access to an \u0027admin\u0027 home directory. An attacker may leverage a spoofed Unique Identifier (UID) over NFS to rewrite sensitive files to gain administrative access to the system."
}
]
},
"impact": {
"cvss": {
"baseScore": 8.8,
"baseSeverity": "High",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-276: Incorrect Default Permissions"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://support.emc.com/kb/542721",
"refsource": "MISC",
"url": "https://support.emc.com/kb/542721"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "c550e75a-17ff-4988-97f0-544cde3820fe",
"assignerShortName": "dell",
"cveId": "CVE-2020-5353",
"datePublished": "2021-07-29T15:55:15.791310Z",
"dateReserved": "2020-01-03T00:00:00",
"dateUpdated": "2024-09-17T00:27:01.594Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2020-26180 (GCVE-0-2020-26180)
Vulnerability from cvelistv5 – Published: 2021-07-28 00:05 – Updated: 2024-09-17 02:36
VLAI?
Summary
Dell EMC Isilon OneFS supported versions 8.1 and later and Dell EMC PowerScale OneFS supported version 9.0.0 contain an access issue with the remotesupport user account. A remote malicious user with low privileges may gain access to data stored on the /ifs directory through most protocols.
Severity ?
6.3 (Medium)
CWE
- CWE-276 - Incorrect Default Permissions
Assigner
References
| URL | Tags | ||||
|---|---|---|---|---|---|
|
|||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Dell | PowerScale OneFS |
Affected:
unspecified , < OneFS 8.1.2, 8.2.2, 9.0+
(custom)
|
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-04T15:49:07.148Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://www.dell.com/support/security/en-us/details/546591/DSA-2020-225-Dell-EMC-Isilon-OneFS-and-Dell-EMC-PowerScale-OneFS-Security-Update-for-remotesuppor"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "PowerScale OneFS",
"vendor": "Dell",
"versions": [
{
"lessThan": "OneFS 8.1.2, 8.2.2, 9.0+",
"status": "affected",
"version": "unspecified",
"versionType": "custom"
}
]
}
],
"datePublic": "2020-10-01T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "Dell EMC Isilon OneFS supported versions 8.1 and later and Dell EMC PowerScale OneFS supported version 9.0.0 contain an access issue with the remotesupport user account. A remote malicious user with low privileges may gain access to data stored on the /ifs directory through most protocols."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "LOW",
"baseScore": 6.3,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-276",
"description": "CWE-276: Incorrect Default Permissions",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2021-07-28T00:05:12",
"orgId": "c550e75a-17ff-4988-97f0-544cde3820fe",
"shortName": "dell"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://www.dell.com/support/security/en-us/details/546591/DSA-2020-225-Dell-EMC-Isilon-OneFS-and-Dell-EMC-PowerScale-OneFS-Security-Update-for-remotesuppor"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "secure@dell.com",
"DATE_PUBLIC": "2020-10-01",
"ID": "CVE-2020-26180",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "PowerScale OneFS",
"version": {
"version_data": [
{
"version_affected": "\u003c",
"version_value": "OneFS 8.1.2, 8.2.2, 9.0+"
}
]
}
}
]
},
"vendor_name": "Dell"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Dell EMC Isilon OneFS supported versions 8.1 and later and Dell EMC PowerScale OneFS supported version 9.0.0 contain an access issue with the remotesupport user account. A remote malicious user with low privileges may gain access to data stored on the /ifs directory through most protocols."
}
]
},
"impact": {
"cvss": {
"baseScore": 6.3,
"baseSeverity": "Medium",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L",
"version": "3.1"
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-276: Incorrect Default Permissions"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://www.dell.com/support/security/en-us/details/546591/DSA-2020-225-Dell-EMC-Isilon-OneFS-and-Dell-EMC-PowerScale-OneFS-Security-Update-for-remotesuppor",
"refsource": "MISC",
"url": "https://www.dell.com/support/security/en-us/details/546591/DSA-2020-225-Dell-EMC-Isilon-OneFS-and-Dell-EMC-PowerScale-OneFS-Security-Update-for-remotesuppor"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "c550e75a-17ff-4988-97f0-544cde3820fe",
"assignerShortName": "dell",
"cveId": "CVE-2020-26180",
"datePublished": "2021-07-28T00:05:13.010485Z",
"dateReserved": "2020-09-30T00:00:00",
"dateUpdated": "2024-09-17T02:36:15.927Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2020-26181 (GCVE-0-2020-26181)
Vulnerability from cvelistv5 – Published: 2021-01-05 21:40 – Updated: 2024-09-16 18:12
VLAI?
Summary
Dell EMC Isilon OneFS versions 8.1 and later and Dell EMC PowerScale OneFS version 9.0.0 contain a privilege escalation vulnerability on a SmartLock Compliance mode cluster. The compadmin user connecting using ISI PRIV LOGIN SSH or ISI PRIV LOGIN CONSOLE can elevate privileges to the root user if they have ISI PRIV HARDENING privileges.
Severity ?
CWE
- CWE-269 - Improper Privilege Management
Assigner
References
| URL | Tags | ||||
|---|---|---|---|---|---|
|
|||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Dell | PowerScale OneFS |
Affected:
unspecified , < 8.1.2, 8.2.2, 9.0+
(custom)
|
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-04T15:49:07.244Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://www.dell.com/support/security/en-us/details/546720/DSA-2020-227-Dell-EMC-PowerScale-OneFS-and-Dell-EMC-Isilon-OneFS-Security-Update-for-SmartLock-Co"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "PowerScale OneFS",
"vendor": "Dell",
"versions": [
{
"lessThan": "8.1.2, 8.2.2, 9.0+",
"status": "affected",
"version": "unspecified",
"versionType": "custom"
}
]
}
],
"datePublic": "2020-11-11T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "Dell EMC Isilon OneFS versions 8.1 and later and Dell EMC PowerScale OneFS version 9.0.0 contain a privilege escalation vulnerability on a SmartLock Compliance mode cluster. The compadmin user connecting using ISI PRIV LOGIN SSH or ISI PRIV LOGIN CONSOLE can elevate privileges to the root user if they have ISI PRIV HARDENING privileges."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "HIGH",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 7,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-269",
"description": "CWE-269: Improper Privilege Management",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2021-01-05T21:40:21",
"orgId": "c550e75a-17ff-4988-97f0-544cde3820fe",
"shortName": "dell"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://www.dell.com/support/security/en-us/details/546720/DSA-2020-227-Dell-EMC-PowerScale-OneFS-and-Dell-EMC-Isilon-OneFS-Security-Update-for-SmartLock-Co"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "secure@dell.com",
"DATE_PUBLIC": "2020-11-11",
"ID": "CVE-2020-26181",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "PowerScale OneFS",
"version": {
"version_data": [
{
"version_affected": "\u003c",
"version_value": "8.1.2, 8.2.2, 9.0+"
}
]
}
}
]
},
"vendor_name": "Dell"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Dell EMC Isilon OneFS versions 8.1 and later and Dell EMC PowerScale OneFS version 9.0.0 contain a privilege escalation vulnerability on a SmartLock Compliance mode cluster. The compadmin user connecting using ISI PRIV LOGIN SSH or ISI PRIV LOGIN CONSOLE can elevate privileges to the root user if they have ISI PRIV HARDENING privileges."
}
]
},
"impact": {
"cvss": {
"baseScore": 7,
"baseSeverity": "High",
"vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-269: Improper Privilege Management"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://www.dell.com/support/security/en-us/details/546720/DSA-2020-227-Dell-EMC-PowerScale-OneFS-and-Dell-EMC-Isilon-OneFS-Security-Update-for-SmartLock-Co",
"refsource": "MISC",
"url": "https://www.dell.com/support/security/en-us/details/546720/DSA-2020-227-Dell-EMC-PowerScale-OneFS-and-Dell-EMC-Isilon-OneFS-Security-Update-for-SmartLock-Co"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "c550e75a-17ff-4988-97f0-544cde3820fe",
"assignerShortName": "dell",
"cveId": "CVE-2020-26181",
"datePublished": "2021-01-05T21:40:22.043302Z",
"dateReserved": "2020-09-30T00:00:00",
"dateUpdated": "2024-09-16T18:12:49.554Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2020-5369 (GCVE-0-2020-5369)
Vulnerability from cvelistv5 – Published: 2020-09-02 20:55 – Updated: 2024-09-16 19:46
VLAI?
Summary
Dell EMC Isilon OneFS versions 8.2.2 and earlier and Dell EMC PowerScale OneFS version 9.0.0 contain a privilege escalation vulnerability. An authenticated malicious user may exploit this vulnerability by using SyncIQ to gain unauthorized access to system management files.
Severity ?
8.8 (High)
CWE
- CWE-732 - Incorrect Permission Assignment for Critical Resource
Assigner
References
| URL | Tags | ||||
|---|---|---|---|---|---|
|
|||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Dell | Isilon OneFS |
Affected:
unspecified , < 8.1.2, 8.2.2, 9.0.0
(custom)
|
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-04T08:30:23.806Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://www.dell.com/support/security/en-us/details/546160/DSA-2020-142-Dell-EMC-Isilon-OneFS-and-Dell-EMC-PowerScale-OneFS-Security-Update-for-SyncIQ-Privi"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "Isilon OneFS",
"vendor": "Dell",
"versions": [
{
"lessThan": "8.1.2, 8.2.2, 9.0.0",
"status": "affected",
"version": "unspecified",
"versionType": "custom"
}
]
}
],
"datePublic": "2020-08-28T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "Dell EMC Isilon OneFS versions 8.2.2 and earlier and Dell EMC PowerScale OneFS version 9.0.0 contain a privilege escalation vulnerability. An authenticated malicious user may exploit this vulnerability by using SyncIQ to gain unauthorized access to system management files."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 8.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-732",
"description": "CWE-732: Incorrect Permission Assignment for Critical Resource",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2020-09-02T20:55:17",
"orgId": "c550e75a-17ff-4988-97f0-544cde3820fe",
"shortName": "dell"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://www.dell.com/support/security/en-us/details/546160/DSA-2020-142-Dell-EMC-Isilon-OneFS-and-Dell-EMC-PowerScale-OneFS-Security-Update-for-SyncIQ-Privi"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "secure@dell.com",
"DATE_PUBLIC": "2020-08-28",
"ID": "CVE-2020-5369",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Isilon OneFS",
"version": {
"version_data": [
{
"version_affected": "\u003c",
"version_value": "8.1.2, 8.2.2, 9.0.0"
}
]
}
}
]
},
"vendor_name": "Dell"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Dell EMC Isilon OneFS versions 8.2.2 and earlier and Dell EMC PowerScale OneFS version 9.0.0 contain a privilege escalation vulnerability. An authenticated malicious user may exploit this vulnerability by using SyncIQ to gain unauthorized access to system management files."
}
]
},
"impact": {
"cvss": {
"baseScore": 8.8,
"baseSeverity": "High",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-732: Incorrect Permission Assignment for Critical Resource"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://www.dell.com/support/security/en-us/details/546160/DSA-2020-142-Dell-EMC-Isilon-OneFS-and-Dell-EMC-PowerScale-OneFS-Security-Update-for-SyncIQ-Privi",
"refsource": "MISC",
"url": "https://www.dell.com/support/security/en-us/details/546160/DSA-2020-142-Dell-EMC-Isilon-OneFS-and-Dell-EMC-PowerScale-OneFS-Security-Update-for-SyncIQ-Privi"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "c550e75a-17ff-4988-97f0-544cde3820fe",
"assignerShortName": "dell",
"cveId": "CVE-2020-5369",
"datePublished": "2020-09-02T20:55:17.768175Z",
"dateReserved": "2020-01-03T00:00:00",
"dateUpdated": "2024-09-16T19:46:53.889Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2020-5371 (GCVE-0-2020-5371)
Vulnerability from cvelistv5 – Published: 2020-07-06 17:45 – Updated: 2024-09-16 19:52
VLAI?
Summary
Dell EMC Isilon OneFS versions 8.2.2 and earlier and Dell EMC PowerScale version 9.0.0 contain a file permissions vulnerability. An attacker, with network or local file access, could take advantage of insufficiently applied file permissions or gain unauthorized access to files.
Severity ?
CWE
- CWE-732 - Incorrect Permission Assignment for Critical Resource
Assigner
References
| URL | Tags | ||||
|---|---|---|---|---|---|
|
|||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Dell | Isilon OneFS |
Affected:
8.1.2, 8.2.1, 8.2.2
|
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-04T08:30:24.227Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://www.dell.com/support/security/en-us/details/544593/DSA-2020-155-Dell-EMC-Isilon-OneFS-and-Dell-EMC-PowerScale-Security-Update-for-a-Permissions-Vuln"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "Isilon OneFS",
"vendor": "Dell",
"versions": [
{
"status": "affected",
"version": "8.1.2, 8.2.1, 8.2.2"
}
]
}
],
"datePublic": "2020-06-18T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "Dell EMC Isilon OneFS versions 8.2.2 and earlier and Dell EMC PowerScale version 9.0.0 contain a file permissions vulnerability. An attacker, with network or local file access, could take advantage of insufficiently applied file permissions or gain unauthorized access to files."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-732",
"description": "CWE-732: Incorrect Permission Assignment for Critical Resource",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2020-07-06T17:45:18",
"orgId": "c550e75a-17ff-4988-97f0-544cde3820fe",
"shortName": "dell"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://www.dell.com/support/security/en-us/details/544593/DSA-2020-155-Dell-EMC-Isilon-OneFS-and-Dell-EMC-PowerScale-Security-Update-for-a-Permissions-Vuln"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "secure@dell.com",
"DATE_PUBLIC": "2020-06-18",
"ID": "CVE-2020-5371",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Isilon OneFS",
"version": {
"version_data": [
{
"version_affected": "=",
"version_value": "8.1.2, 8.2.1, 8.2.2"
}
]
}
}
]
},
"vendor_name": "Dell"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Dell EMC Isilon OneFS versions 8.2.2 and earlier and Dell EMC PowerScale version 9.0.0 contain a file permissions vulnerability. An attacker, with network or local file access, could take advantage of insufficiently applied file permissions or gain unauthorized access to files."
}
]
},
"impact": {
"cvss": {
"baseScore": 8,
"baseSeverity": "High",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H",
"version": "3.1"
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-732: Incorrect Permission Assignment for Critical Resource"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://www.dell.com/support/security/en-us/details/544593/DSA-2020-155-Dell-EMC-Isilon-OneFS-and-Dell-EMC-PowerScale-Security-Update-for-a-Permissions-Vuln",
"refsource": "MISC",
"url": "https://www.dell.com/support/security/en-us/details/544593/DSA-2020-155-Dell-EMC-Isilon-OneFS-and-Dell-EMC-PowerScale-Security-Update-for-a-Permissions-Vuln"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "c550e75a-17ff-4988-97f0-544cde3820fe",
"assignerShortName": "dell",
"cveId": "CVE-2020-5371",
"datePublished": "2020-07-06T17:45:18.792486Z",
"dateReserved": "2020-01-03T00:00:00",
"dateUpdated": "2024-09-16T19:52:24.613Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2020-5365 (GCVE-0-2020-5365)
Vulnerability from cvelistv5 – Published: 2020-05-20 20:45 – Updated: 2024-09-16 17:17
VLAI?
Summary
Dell EMC Isilon versions 8.2.2 and earlier contain a remotesupport vulnerability. The pre-configured support account, remotesupport, is bundled in the Dell EMC Isilon OneFS installation. This account is used for diagnostics and other support functions. Although the default password is different for every cluster, it is predictable.
Severity ?
5.3 (Medium)
CWE
- CWE-341 - Predictable from Observable State
Assigner
References
| URL | Tags | ||||
|---|---|---|---|---|---|
|
|||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Dell | Isilon OneFS |
Affected:
unspecified , < 8.2.2
(custom)
|
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-04T08:30:23.432Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://www.dell.com/support/security/en-us/details/543775/DSA-2020-124-Dell-EMC-Isilon-OneFS-Security-Update-for-Multiple-Vulnerabilities"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "Isilon OneFS",
"vendor": "Dell",
"versions": [
{
"lessThan": "8.2.2",
"status": "affected",
"version": "unspecified",
"versionType": "custom"
}
]
}
],
"datePublic": "2020-05-15T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "Dell EMC Isilon versions 8.2.2 and earlier contain a remotesupport vulnerability. The pre-configured support account, remotesupport, is bundled in the Dell EMC Isilon OneFS installation. This account is used for diagnostics and other support functions. Although the default password is different for every cluster, it is predictable."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "LOW",
"baseScore": 5.3,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-341",
"description": "CWE-341: Predictable from Observable State",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2020-05-20T20:45:18",
"orgId": "c550e75a-17ff-4988-97f0-544cde3820fe",
"shortName": "dell"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://www.dell.com/support/security/en-us/details/543775/DSA-2020-124-Dell-EMC-Isilon-OneFS-Security-Update-for-Multiple-Vulnerabilities"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "secure@dell.com",
"DATE_PUBLIC": "2020-05-15",
"ID": "CVE-2020-5365",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Isilon OneFS",
"version": {
"version_data": [
{
"version_affected": "\u003c",
"version_value": "8.2.2"
}
]
}
}
]
},
"vendor_name": "Dell"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Dell EMC Isilon versions 8.2.2 and earlier contain a remotesupport vulnerability. The pre-configured support account, remotesupport, is bundled in the Dell EMC Isilon OneFS installation. This account is used for diagnostics and other support functions. Although the default password is different for every cluster, it is predictable."
}
]
},
"impact": {
"cvss": {
"baseScore": 5.3,
"baseSeverity": "Medium",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L",
"version": "3.1"
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-341: Predictable from Observable State"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://www.dell.com/support/security/en-us/details/543775/DSA-2020-124-Dell-EMC-Isilon-OneFS-Security-Update-for-Multiple-Vulnerabilities",
"refsource": "MISC",
"url": "https://www.dell.com/support/security/en-us/details/543775/DSA-2020-124-Dell-EMC-Isilon-OneFS-Security-Update-for-Multiple-Vulnerabilities"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "c550e75a-17ff-4988-97f0-544cde3820fe",
"assignerShortName": "dell",
"cveId": "CVE-2020-5365",
"datePublished": "2020-05-20T20:45:18.564948Z",
"dateReserved": "2020-01-03T00:00:00",
"dateUpdated": "2024-09-16T17:17:39.870Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2020-5364 (GCVE-0-2020-5364)
Vulnerability from cvelistv5 – Published: 2020-05-20 20:45 – Updated: 2024-09-16 19:10
VLAI?
Summary
Dell EMC Isilon OneFS versions 8.2.2 and earlier contain an SNMPv2 vulnerability. The SNMPv2 services is enabled, by default, with a pre-configured community string. This community string allows read-only access to many aspects of the Isilon cluster, some of which are considered sensitive and can foster additional access.
Severity ?
5.3 (Medium)
CWE
- CWE-201 - Exposure of Sensitive Information Through Sent Data
Assigner
References
| URL | Tags | ||||
|---|---|---|---|---|---|
|
|||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Dell | Isilon OneFS |
Affected:
unspecified , < 8.2.2
(custom)
|
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-04T08:30:23.683Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://www.dell.com/support/security/en-us/details/543775/DSA-2020-124-Dell-EMC-Isilon-OneFS-Security-Update-for-Multiple-Vulnerabilities"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "Isilon OneFS",
"vendor": "Dell",
"versions": [
{
"lessThan": "8.2.2",
"status": "affected",
"version": "unspecified",
"versionType": "custom"
}
]
}
],
"datePublic": "2020-05-15T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "Dell EMC Isilon OneFS versions 8.2.2 and earlier contain an SNMPv2 vulnerability. The SNMPv2 services is enabled, by default, with a pre-configured community string. This community string allows read-only access to many aspects of the Isilon cluster, some of which are considered sensitive and can foster additional access."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "LOW",
"baseScore": 5.3,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-201",
"description": "CWE-201: Exposure of Sensitive Information Through Sent Data",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2020-05-20T20:45:18",
"orgId": "c550e75a-17ff-4988-97f0-544cde3820fe",
"shortName": "dell"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://www.dell.com/support/security/en-us/details/543775/DSA-2020-124-Dell-EMC-Isilon-OneFS-Security-Update-for-Multiple-Vulnerabilities"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "secure@dell.com",
"DATE_PUBLIC": "2020-05-15",
"ID": "CVE-2020-5364",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Isilon OneFS",
"version": {
"version_data": [
{
"version_affected": "\u003c",
"version_value": "8.2.2"
}
]
}
}
]
},
"vendor_name": "Dell"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Dell EMC Isilon OneFS versions 8.2.2 and earlier contain an SNMPv2 vulnerability. The SNMPv2 services is enabled, by default, with a pre-configured community string. This community string allows read-only access to many aspects of the Isilon cluster, some of which are considered sensitive and can foster additional access."
}
]
},
"impact": {
"cvss": {
"baseScore": 5.3,
"baseSeverity": "Medium",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L",
"version": "3.1"
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-201: Exposure of Sensitive Information Through Sent Data"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://www.dell.com/support/security/en-us/details/543775/DSA-2020-124-Dell-EMC-Isilon-OneFS-Security-Update-for-Multiple-Vulnerabilities",
"refsource": "MISC",
"url": "https://www.dell.com/support/security/en-us/details/543775/DSA-2020-124-Dell-EMC-Isilon-OneFS-Security-Update-for-Multiple-Vulnerabilities"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "c550e75a-17ff-4988-97f0-544cde3820fe",
"assignerShortName": "dell",
"cveId": "CVE-2020-5364",
"datePublished": "2020-05-20T20:45:18.127497Z",
"dateReserved": "2020-01-03T00:00:00",
"dateUpdated": "2024-09-16T19:10:16.543Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2020-5347 (GCVE-0-2020-5347)
Vulnerability from cvelistv5 – Published: 2020-04-03 23:20 – Updated: 2024-09-16 18:28
VLAI?
Summary
Dell EMC Isilon OneFS versions 8.2.2 and earlier contain a denial of service vulnerability. SmartConnect had an error condition that may be triggered to loop, using CPU and potentially preventing other SmartConnect DNS responses.
Severity ?
5.3 (Medium)
CWE
- CWE-400 - Uncontrolled Resource Consumption
Assigner
References
| URL | Tags | ||||
|---|---|---|---|---|---|
|
|||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Dell | Isilon OneFS |
Affected:
unspecified , < 8.2.2
(custom)
|
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-04T08:30:23.308Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://www.dell.com/support/security/en-us/details/542190/DSA-2020-054-Dell-EMC-Isilon-OneFS-Security-Update-for-DNS-Protocol-Vulnerabilities"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "Isilon OneFS",
"vendor": "Dell",
"versions": [
{
"lessThan": "8.2.2",
"status": "affected",
"version": "unspecified",
"versionType": "custom"
}
]
}
],
"datePublic": "2020-03-20T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "Dell EMC Isilon OneFS versions 8.2.2 and earlier contain a denial of service vulnerability. SmartConnect had an error condition that may be triggered to loop, using CPU and potentially preventing other SmartConnect DNS responses."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "LOW",
"baseScore": 5.3,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-400",
"description": "CWE-400: Uncontrolled Resource Consumption",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2020-04-03T23:20:13",
"orgId": "c550e75a-17ff-4988-97f0-544cde3820fe",
"shortName": "dell"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://www.dell.com/support/security/en-us/details/542190/DSA-2020-054-Dell-EMC-Isilon-OneFS-Security-Update-for-DNS-Protocol-Vulnerabilities"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "secure@dell.com",
"DATE_PUBLIC": "2020-03-20",
"ID": "CVE-2020-5347",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Isilon OneFS",
"version": {
"version_data": [
{
"version_affected": "\u003c",
"version_value": "8.2.2"
}
]
}
}
]
},
"vendor_name": "Dell"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Dell EMC Isilon OneFS versions 8.2.2 and earlier contain a denial of service vulnerability. SmartConnect had an error condition that may be triggered to loop, using CPU and potentially preventing other SmartConnect DNS responses."
}
]
},
"impact": {
"cvss": {
"baseScore": 5.3,
"baseSeverity": "Medium",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L",
"version": "3.1"
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-400: Uncontrolled Resource Consumption"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://www.dell.com/support/security/en-us/details/542190/DSA-2020-054-Dell-EMC-Isilon-OneFS-Security-Update-for-DNS-Protocol-Vulnerabilities",
"refsource": "MISC",
"url": "https://www.dell.com/support/security/en-us/details/542190/DSA-2020-054-Dell-EMC-Isilon-OneFS-Security-Update-for-DNS-Protocol-Vulnerabilities"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "c550e75a-17ff-4988-97f0-544cde3820fe",
"assignerShortName": "dell",
"cveId": "CVE-2020-5347",
"datePublished": "2020-04-03T23:20:14.052775Z",
"dateReserved": "2020-01-03T00:00:00",
"dateUpdated": "2024-09-16T18:28:55.455Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2020-5328 (GCVE-0-2020-5328)
Vulnerability from cvelistv5 – Published: 2020-03-06 20:25 – Updated: 2024-09-16 18:29
VLAI?
Summary
Dell EMC Isilon OneFS versions prior to 8.2.0 contain an unauthorized access vulnerability due to a lack of thorough authorization checks when SyncIQ is licensed, but encrypted syncs are not marked as required. When this happens, loss of control of the cluster can occur.
Severity ?
9.8 (Critical)
CWE
- CWE-306 - Missing Authentication for Critical Function
Assigner
References
| URL | Tags | ||||
|---|---|---|---|---|---|
|
|||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Dell | Isilon OneFS |
Affected:
unspecified , < 8.2.0
(custom)
|
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-04T08:22:09.299Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://www.dell.com/support/security/en-us/details/541423/DSA-2020-039-Dell-EMC-Isilon-OneFS-Security-Update-for-a-SyncIQ-Vulnerability"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "Isilon OneFS",
"vendor": "Dell",
"versions": [
{
"lessThan": "8.2.0",
"status": "affected",
"version": "unspecified",
"versionType": "custom"
}
]
}
],
"datePublic": "2020-02-20T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "Dell EMC Isilon OneFS versions prior to 8.2.0 contain an unauthorized access vulnerability due to a lack of thorough authorization checks when SyncIQ is licensed, but encrypted syncs are not marked as required. When this happens, loss of control of the cluster can occur."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 9.8,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-306",
"description": "CWE-306: Missing Authentication for Critical Function",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2020-03-06T20:25:14",
"orgId": "c550e75a-17ff-4988-97f0-544cde3820fe",
"shortName": "dell"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://www.dell.com/support/security/en-us/details/541423/DSA-2020-039-Dell-EMC-Isilon-OneFS-Security-Update-for-a-SyncIQ-Vulnerability"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "secure@dell.com",
"DATE_PUBLIC": "2020-02-20",
"ID": "CVE-2020-5328",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Isilon OneFS",
"version": {
"version_data": [
{
"version_affected": "\u003c",
"version_value": "8.2.0"
}
]
}
}
]
},
"vendor_name": "Dell"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Dell EMC Isilon OneFS versions prior to 8.2.0 contain an unauthorized access vulnerability due to a lack of thorough authorization checks when SyncIQ is licensed, but encrypted syncs are not marked as required. When this happens, loss of control of the cluster can occur."
}
]
},
"impact": {
"cvss": {
"baseScore": 9.8,
"baseSeverity": "Critical",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-306: Missing Authentication for Critical Function"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://www.dell.com/support/security/en-us/details/541423/DSA-2020-039-Dell-EMC-Isilon-OneFS-Security-Update-for-a-SyncIQ-Vulnerability",
"refsource": "MISC",
"url": "https://www.dell.com/support/security/en-us/details/541423/DSA-2020-039-Dell-EMC-Isilon-OneFS-Security-Update-for-a-SyncIQ-Vulnerability"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "c550e75a-17ff-4988-97f0-544cde3820fe",
"assignerShortName": "dell",
"cveId": "CVE-2020-5328",
"datePublished": "2020-03-06T20:25:14.219804Z",
"dateReserved": "2020-01-03T00:00:00",
"dateUpdated": "2024-09-16T18:29:46.134Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2020-5318 (GCVE-0-2020-5318)
Vulnerability from cvelistv5 – Published: 2020-02-06 17:45 – Updated: 2024-09-16 20:32
VLAI?
Summary
Dell EMC Isilon OneFS versions 8.1.2, 8.1.0.4, 8.1.0.3, and 8.0.0.7 contain a vulnerability in some configurations. An attacker may exploit this vulnerability to gain access to restricted files. The non-RAN HTTP and WebDAV file-serving components have a vulnerability wherein when either are enabled, and Basic Authentication is enabled for either or both components, files are accessible without authentication.
Severity ?
7.5 (High)
CWE
- CWE-285 - Improper Authorization
Assigner
References
| URL | Tags | ||||
|---|---|---|---|---|---|
|
|||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Dell | Isilon OneFS |
Affected:
8.1.2, 8.1.0.4, 8.1.0.3, 8.0.0.7
|
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-04T08:22:09.254Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://www.dell.com/support/security/en-us/details/540708/DSA-2020-018-Dell-EMC-Isilon-OneFS-Security-Update-for-Improper-Authorization-Vulnerability"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "Isilon OneFS",
"vendor": "Dell",
"versions": [
{
"status": "affected",
"version": "8.1.2, 8.1.0.4, 8.1.0.3, 8.0.0.7"
}
]
}
],
"datePublic": "2020-01-29T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "Dell EMC Isilon OneFS versions 8.1.2, 8.1.0.4, 8.1.0.3, and 8.0.0.7 contain a vulnerability in some configurations. An attacker may exploit this vulnerability to gain access to restricted files. The non-RAN HTTP and WebDAV file-serving components have a vulnerability wherein when either are enabled, and Basic Authentication is enabled for either or both components, files are accessible without authentication."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-285",
"description": "CWE-285: Improper Authorization",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2020-02-06T17:45:21",
"orgId": "c550e75a-17ff-4988-97f0-544cde3820fe",
"shortName": "dell"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://www.dell.com/support/security/en-us/details/540708/DSA-2020-018-Dell-EMC-Isilon-OneFS-Security-Update-for-Improper-Authorization-Vulnerability"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "secure@dell.com",
"DATE_PUBLIC": "2020-01-29",
"ID": "CVE-2020-5318",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Isilon OneFS",
"version": {
"version_data": [
{
"version_affected": "=",
"version_value": "8.1.2, 8.1.0.4, 8.1.0.3, 8.0.0.7"
}
]
}
}
]
},
"vendor_name": "Dell"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Dell EMC Isilon OneFS versions 8.1.2, 8.1.0.4, 8.1.0.3, and 8.0.0.7 contain a vulnerability in some configurations. An attacker may exploit this vulnerability to gain access to restricted files. The non-RAN HTTP and WebDAV file-serving components have a vulnerability wherein when either are enabled, and Basic Authentication is enabled for either or both components, files are accessible without authentication."
}
]
},
"impact": {
"cvss": {
"baseScore": 7.5,
"baseSeverity": "High",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
"version": "3.1"
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-285: Improper Authorization"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://www.dell.com/support/security/en-us/details/540708/DSA-2020-018-Dell-EMC-Isilon-OneFS-Security-Update-for-Improper-Authorization-Vulnerability",
"refsource": "MISC",
"url": "https://www.dell.com/support/security/en-us/details/540708/DSA-2020-018-Dell-EMC-Isilon-OneFS-Security-Update-for-Improper-Authorization-Vulnerability"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "c550e75a-17ff-4988-97f0-544cde3820fe",
"assignerShortName": "dell",
"cveId": "CVE-2020-5318",
"datePublished": "2020-02-06T17:45:21.769450Z",
"dateReserved": "2020-01-03T00:00:00",
"dateUpdated": "2024-09-16T20:32:51.816Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2018-1204 (GCVE-0-2018-1204)
Vulnerability from cvelistv5 – Published: 2018-03-26 18:00 – Updated: 2024-09-16 17:42
VLAI?
Summary
Dell EMC Isilon OneFS versions between 8.1.0.0 - 8.1.0.1, 8.0.1.0 - 8.0.1.2, and 8.0.0.0 - 8.0.0.6, versions 7.2.1.x, and version 7.1.1.11 is affected by a path traversal vulnerability in the isi_phone_home tool. A malicious compadmin may potentially exploit this vulnerability to execute arbitrary code with root privileges.
Severity ?
No CVSS data available.
CWE
- Path Traversal vulnerability
Assigner
References
| URL | Tags | |||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
||||||||||||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Dell EMC | Isilon OneFS |
Affected:
versions between 8.1.0.0 - 8.1.0.1, 8.0.1.0 - 8.0.1.2, 8.0.0.0 - 8.0.0.6, versions 7.2.1.x and version 7.1.1.11
|
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-05T03:51:49.011Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "103033",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/103033"
},
{
"name": "20180319 DSA-2018-018: Dell EMC Isilon OneFS Multiple Vulnerabilities",
"tags": [
"mailing-list",
"x_refsource_FULLDISC",
"x_transferred"
],
"url": "http://seclists.org/fulldisclosure/2018/Mar/50"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://www.coresecurity.com/advisories/dell-emc-isilon-onefs-multiple-vulnerabilities"
},
{
"name": "44039",
"tags": [
"exploit",
"x_refsource_EXPLOIT-DB",
"x_transferred"
],
"url": "https://www.exploit-db.com/exploits/44039/"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "Isilon OneFS",
"vendor": "Dell EMC",
"versions": [
{
"status": "affected",
"version": "versions between 8.1.0.0 - 8.1.0.1, 8.0.1.0 - 8.0.1.2, 8.0.0.0 - 8.0.0.6, versions 7.2.1.x and version 7.1.1.11"
}
]
}
],
"datePublic": "2018-03-19T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "Dell EMC Isilon OneFS versions between 8.1.0.0 - 8.1.0.1, 8.0.1.0 - 8.0.1.2, and 8.0.0.0 - 8.0.0.6, versions 7.2.1.x, and version 7.1.1.11 is affected by a path traversal vulnerability in the isi_phone_home tool. A malicious compadmin may potentially exploit this vulnerability to execute arbitrary code with root privileges."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "Path Traversal vulnerability",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2018-03-27T15:57:02",
"orgId": "c550e75a-17ff-4988-97f0-544cde3820fe",
"shortName": "dell"
},
"references": [
{
"name": "103033",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/103033"
},
{
"name": "20180319 DSA-2018-018: Dell EMC Isilon OneFS Multiple Vulnerabilities",
"tags": [
"mailing-list",
"x_refsource_FULLDISC"
],
"url": "http://seclists.org/fulldisclosure/2018/Mar/50"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://www.coresecurity.com/advisories/dell-emc-isilon-onefs-multiple-vulnerabilities"
},
{
"name": "44039",
"tags": [
"exploit",
"x_refsource_EXPLOIT-DB"
],
"url": "https://www.exploit-db.com/exploits/44039/"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "security_alert@emc.com",
"DATE_PUBLIC": "2018-03-19T00:00:00",
"ID": "CVE-2018-1204",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Isilon OneFS",
"version": {
"version_data": [
{
"version_value": "versions between 8.1.0.0 - 8.1.0.1, 8.0.1.0 - 8.0.1.2, 8.0.0.0 - 8.0.0.6, versions 7.2.1.x and version 7.1.1.11"
}
]
}
}
]
},
"vendor_name": "Dell EMC"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Dell EMC Isilon OneFS versions between 8.1.0.0 - 8.1.0.1, 8.0.1.0 - 8.0.1.2, and 8.0.0.0 - 8.0.0.6, versions 7.2.1.x, and version 7.1.1.11 is affected by a path traversal vulnerability in the isi_phone_home tool. A malicious compadmin may potentially exploit this vulnerability to execute arbitrary code with root privileges."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Path Traversal vulnerability"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "103033",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/103033"
},
{
"name": "20180319 DSA-2018-018: Dell EMC Isilon OneFS Multiple Vulnerabilities",
"refsource": "FULLDISC",
"url": "http://seclists.org/fulldisclosure/2018/Mar/50"
},
{
"name": "https://www.coresecurity.com/advisories/dell-emc-isilon-onefs-multiple-vulnerabilities",
"refsource": "MISC",
"url": "https://www.coresecurity.com/advisories/dell-emc-isilon-onefs-multiple-vulnerabilities"
},
{
"name": "44039",
"refsource": "EXPLOIT-DB",
"url": "https://www.exploit-db.com/exploits/44039/"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "c550e75a-17ff-4988-97f0-544cde3820fe",
"assignerShortName": "dell",
"cveId": "CVE-2018-1204",
"datePublished": "2018-03-26T18:00:00Z",
"dateReserved": "2017-12-06T00:00:00",
"dateUpdated": "2024-09-16T17:42:39.998Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2018-1203 (GCVE-0-2018-1203)
Vulnerability from cvelistv5 – Published: 2018-03-26 18:00 – Updated: 2024-09-16 19:20
VLAI?
Summary
In Dell EMC Isilon OneFS, the compadmin is able to run tcpdump binary with root privileges. In versions between 8.1.0.0 - 8.1.0.1, 8.0.1.0 - 8.0.1.2, and 8.0.0.0 - 8.0.0.6, the tcpdump binary, being run with sudo, may potentially be used by compadmin to execute arbitrary code with root privileges.
Severity ?
No CVSS data available.
CWE
- Incorrect Authorization vulnerability
Assigner
References
| URL | Tags | |||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
||||||||||||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Dell EMC | Isilon OneFS |
Affected:
versions between 8.1.0.0 - 8.1.0.1, 8.0.1.0 - 8.0.1.2, 8.0.0.0 - 8.0.0.6
|
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-05T03:51:49.081Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "103033",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/103033"
},
{
"name": "20180319 DSA-2018-018: Dell EMC Isilon OneFS Multiple Vulnerabilities",
"tags": [
"mailing-list",
"x_refsource_FULLDISC",
"x_transferred"
],
"url": "http://seclists.org/fulldisclosure/2018/Mar/50"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://www.coresecurity.com/advisories/dell-emc-isilon-onefs-multiple-vulnerabilities"
},
{
"name": "44039",
"tags": [
"exploit",
"x_refsource_EXPLOIT-DB",
"x_transferred"
],
"url": "https://www.exploit-db.com/exploits/44039/"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "Isilon OneFS",
"vendor": "Dell EMC",
"versions": [
{
"status": "affected",
"version": "versions between 8.1.0.0 - 8.1.0.1, 8.0.1.0 - 8.0.1.2, 8.0.0.0 - 8.0.0.6"
}
]
}
],
"datePublic": "2018-03-19T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "In Dell EMC Isilon OneFS, the compadmin is able to run tcpdump binary with root privileges. In versions between 8.1.0.0 - 8.1.0.1, 8.0.1.0 - 8.0.1.2, and 8.0.0.0 - 8.0.0.6, the tcpdump binary, being run with sudo, may potentially be used by compadmin to execute arbitrary code with root privileges."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "Incorrect Authorization vulnerability",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2018-03-27T15:57:02",
"orgId": "c550e75a-17ff-4988-97f0-544cde3820fe",
"shortName": "dell"
},
"references": [
{
"name": "103033",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/103033"
},
{
"name": "20180319 DSA-2018-018: Dell EMC Isilon OneFS Multiple Vulnerabilities",
"tags": [
"mailing-list",
"x_refsource_FULLDISC"
],
"url": "http://seclists.org/fulldisclosure/2018/Mar/50"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://www.coresecurity.com/advisories/dell-emc-isilon-onefs-multiple-vulnerabilities"
},
{
"name": "44039",
"tags": [
"exploit",
"x_refsource_EXPLOIT-DB"
],
"url": "https://www.exploit-db.com/exploits/44039/"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "security_alert@emc.com",
"DATE_PUBLIC": "2018-03-19T00:00:00",
"ID": "CVE-2018-1203",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Isilon OneFS",
"version": {
"version_data": [
{
"version_value": "versions between 8.1.0.0 - 8.1.0.1, 8.0.1.0 - 8.0.1.2, 8.0.0.0 - 8.0.0.6"
}
]
}
}
]
},
"vendor_name": "Dell EMC"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "In Dell EMC Isilon OneFS, the compadmin is able to run tcpdump binary with root privileges. In versions between 8.1.0.0 - 8.1.0.1, 8.0.1.0 - 8.0.1.2, and 8.0.0.0 - 8.0.0.6, the tcpdump binary, being run with sudo, may potentially be used by compadmin to execute arbitrary code with root privileges."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Incorrect Authorization vulnerability"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "103033",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/103033"
},
{
"name": "20180319 DSA-2018-018: Dell EMC Isilon OneFS Multiple Vulnerabilities",
"refsource": "FULLDISC",
"url": "http://seclists.org/fulldisclosure/2018/Mar/50"
},
{
"name": "https://www.coresecurity.com/advisories/dell-emc-isilon-onefs-multiple-vulnerabilities",
"refsource": "MISC",
"url": "https://www.coresecurity.com/advisories/dell-emc-isilon-onefs-multiple-vulnerabilities"
},
{
"name": "44039",
"refsource": "EXPLOIT-DB",
"url": "https://www.exploit-db.com/exploits/44039/"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "c550e75a-17ff-4988-97f0-544cde3820fe",
"assignerShortName": "dell",
"cveId": "CVE-2018-1203",
"datePublished": "2018-03-26T18:00:00Z",
"dateReserved": "2017-12-06T00:00:00",
"dateUpdated": "2024-09-16T19:20:35.231Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2018-1213 (GCVE-0-2018-1213)
Vulnerability from cvelistv5 – Published: 2018-03-26 18:00 – Updated: 2024-09-16 22:52
VLAI?
Summary
Dell EMC Isilon OneFS versions between 8.1.0.0 - 8.1.0.1, 8.0.1.0 - 8.0.1.2, and 8.0.0.0 - 8.0.0.6, versions 7.2.1.x, and version 7.1.1.11 and 8.1.0.2 is affected by a cross-site request forgery vulnerability. A malicious user may potentially exploit this vulnerability to send unauthorized requests to the server on behalf of authenticated users of the application.
Severity ?
No CVSS data available.
CWE
- Cross-Site Request Forgery Vulnerability
Assigner
References
| URL | Tags | |||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
||||||||||||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Dell EMC | Isilon OneFS |
Affected:
versions between 8.1.0.0 - 8.1.0.1, 8.0.1.0 - 8.0.1.2, 8.0.0.0 - 8.0.0.6, versions 7.2.1.x, version 7.1.1.11 and 8.1.0.2
|
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-05T03:51:48.981Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "103033",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/103033"
},
{
"name": "20180319 DSA-2018-018: Dell EMC Isilon OneFS Multiple Vulnerabilities",
"tags": [
"mailing-list",
"x_refsource_FULLDISC",
"x_transferred"
],
"url": "http://seclists.org/fulldisclosure/2018/Mar/50"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://www.coresecurity.com/advisories/dell-emc-isilon-onefs-multiple-vulnerabilities"
},
{
"name": "44039",
"tags": [
"exploit",
"x_refsource_EXPLOIT-DB",
"x_transferred"
],
"url": "https://www.exploit-db.com/exploits/44039/"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "Isilon OneFS",
"vendor": "Dell EMC",
"versions": [
{
"status": "affected",
"version": "versions between 8.1.0.0 - 8.1.0.1, 8.0.1.0 - 8.0.1.2, 8.0.0.0 - 8.0.0.6, versions 7.2.1.x, version 7.1.1.11 and 8.1.0.2"
}
]
}
],
"datePublic": "2018-03-19T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "Dell EMC Isilon OneFS versions between 8.1.0.0 - 8.1.0.1, 8.0.1.0 - 8.0.1.2, and 8.0.0.0 - 8.0.0.6, versions 7.2.1.x, and version 7.1.1.11 and 8.1.0.2 is affected by a cross-site request forgery vulnerability. A malicious user may potentially exploit this vulnerability to send unauthorized requests to the server on behalf of authenticated users of the application."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "Cross-Site Request Forgery Vulnerability",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2018-03-27T15:57:02",
"orgId": "c550e75a-17ff-4988-97f0-544cde3820fe",
"shortName": "dell"
},
"references": [
{
"name": "103033",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/103033"
},
{
"name": "20180319 DSA-2018-018: Dell EMC Isilon OneFS Multiple Vulnerabilities",
"tags": [
"mailing-list",
"x_refsource_FULLDISC"
],
"url": "http://seclists.org/fulldisclosure/2018/Mar/50"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://www.coresecurity.com/advisories/dell-emc-isilon-onefs-multiple-vulnerabilities"
},
{
"name": "44039",
"tags": [
"exploit",
"x_refsource_EXPLOIT-DB"
],
"url": "https://www.exploit-db.com/exploits/44039/"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "security_alert@emc.com",
"DATE_PUBLIC": "2018-03-19T00:00:00",
"ID": "CVE-2018-1213",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Isilon OneFS",
"version": {
"version_data": [
{
"version_value": "versions between 8.1.0.0 - 8.1.0.1, 8.0.1.0 - 8.0.1.2, 8.0.0.0 - 8.0.0.6, versions 7.2.1.x, version 7.1.1.11 and 8.1.0.2"
}
]
}
}
]
},
"vendor_name": "Dell EMC"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Dell EMC Isilon OneFS versions between 8.1.0.0 - 8.1.0.1, 8.0.1.0 - 8.0.1.2, and 8.0.0.0 - 8.0.0.6, versions 7.2.1.x, and version 7.1.1.11 and 8.1.0.2 is affected by a cross-site request forgery vulnerability. A malicious user may potentially exploit this vulnerability to send unauthorized requests to the server on behalf of authenticated users of the application."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Cross-Site Request Forgery Vulnerability"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "103033",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/103033"
},
{
"name": "20180319 DSA-2018-018: Dell EMC Isilon OneFS Multiple Vulnerabilities",
"refsource": "FULLDISC",
"url": "http://seclists.org/fulldisclosure/2018/Mar/50"
},
{
"name": "https://www.coresecurity.com/advisories/dell-emc-isilon-onefs-multiple-vulnerabilities",
"refsource": "MISC",
"url": "https://www.coresecurity.com/advisories/dell-emc-isilon-onefs-multiple-vulnerabilities"
},
{
"name": "44039",
"refsource": "EXPLOIT-DB",
"url": "https://www.exploit-db.com/exploits/44039/"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "c550e75a-17ff-4988-97f0-544cde3820fe",
"assignerShortName": "dell",
"cveId": "CVE-2018-1213",
"datePublished": "2018-03-26T18:00:00Z",
"dateReserved": "2017-12-06T00:00:00",
"dateUpdated": "2024-09-16T22:52:02.700Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}