CVE-2020-26180

MEDIUM

6.3

Description

Dell EMC Isilon OneFS supported versions 8.1 and later and Dell EMC PowerScale OneFS supported version 9.0.0 contain an access issue with the remotesupport user account. A remote malicious user with low privileges may gain access to data stored on the /ifs directory through most protocols.

CVE Details

CVSS v3.1 Score6.3

SeverityMEDIUM

CVSS VectorCVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L

Attack VectorNETWORK

ComplexityLOW

Privileges RequiredLOW

User InteractionNONE

Published7/28/2021

Last Modified11/21/2024

Sourcenvd

Honeypot Sightings0

Affected Products

dell:emc_isilon_onefsdell:emc_powerscale_onefs

Weaknesses (CWE)

CWE-276CWE-276

References

https://www.dell.com/support/security/en-us/details/546591/DSA-2020-225-Dell-EMC-Isilon-OneFS-and-Dell-EMC-PowerScale-OneFS-Security-Update-for-remotesuppor(security_alert@emc.com)

https://www.dell.com/support/security/en-us/details/546591/DSA-2020-225-Dell-EMC-Isilon-OneFS-and-Dell-EMC-PowerScale-OneFS-Security-Update-for-remotesuppor(af854a3a-2127-422b-91ae-364da2661108)

IOC Correlations

No correlations recorded

This product uses data from the NVD API but is not endorsed or certified by the NVD.