PT-2020-18399 · Dell Emc · Dell Emc Isilon Onefs

Published: 2020-02-06 · Updated: 2020-02-11 · CVE-2020-5318

CVSS v3.1: 7.5 (High)

Vector: AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

Name of the Vulnerable Software and Affected Versions: Dell EMC Isilon OneFS versions 8.0.0.7, 8.1.0.3, 8.1.0.4, and 8.1.2

Description: The issue allows an attacker to gain access to restricted files in certain configurations. This is due to a vulnerability in the non-RAN HTTP and WebDAV file-serving components when either is enabled and Basic Authentication is enabled for either or both components, resulting in files being accessible without authentication.

Recommendations: For versions 8.0.0.7, 8.1.0.3, 8.1.0.4, and 8.1.2, consider disabling the non-RAN HTTP and WebDAV file-serving components or disabling Basic Authentication for these components to minimize the risk of exploitation. Restrict access to sensitive files until a fix is available.

Fix

Incorrect Authorization

Improper Authorization

Weakness Enumeration

Related Identifiers

CVE-2020-5318

Affected Products

Dell Emc Isilon Onefs