PT-2020-18430 · Dell EMC · Dell EMC Isilon

Published: 2020-05-20 · Updated: 2020-05-21 · CVE-2020-5365

CVSS v3.1: 7.5 (High)

Vector: AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

Name of the Vulnerable Software and Affected Versions

Dell EMC Isilon versions 8.2.2 and earlier

Description

The issue concerns a pre-configured support account, remotesupport, which is bundled in the Dell EMC Isilon OneFS installation and used for diagnostics and other support functions. Although the default password for this account is different for every cluster, it is predictable, posing a security risk.

Recommendations

For Dell EMC Isilon versions 8.2.2 and earlier, consider changing the default password of the remotesupport account to a strong, unpredictable password to mitigate the risk of exploitation. As a temporary workaround, restrict access to the remotesupport account until a more secure configuration can be implemented.

Fix

Use of Insufficiently Random Values

Weakness Enumeration

Related Identifiers

CVE-2020-5365

Affected Products

Dell EMC Isilon