PT-2020-18429 · Dell Emc · Dell Emc Isilon Onefs

Published: 2020-05-20 · Updated: 2020-05-21 · CVE-2020-5364

CVSS v3.1: 7.5 (High)

Vector: AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

Name of the Vulnerable Software and Affected Versions

Dell EMC Isilon OneFS versions 8.2.2 and earlier

Description

In the affected versions, the SNMPv2 service is enabled by default with a pre-configured community string, which allows read-only access to various aspects of the Isilon cluster. Some of the accessible information is considered sensitive and could facilitate additional access.

Recommendations

For Dell EMC Isilon OneFS versions 8.2.2 and earlier, consider disabling the SNMPv2 service or changing the pre-configured community string to prevent unauthorized access. As a temporary workaround, restrict access to sensitive information within the Isilon cluster to minimize the risk of exploitation.

Fix

Information Disclosure


Weakness Enumeration

Related Identifiers

CVE-2020-5364

Affected Products

Dell Emc Isilon Onefs