PT-2021-11217 · Dell EMC · Dell EMC Isilon OneFS, Dell EMC PowerScale OneFS

Published: 2021-01-05
Updated: 2021-10-04
CVE: CVE-2020-26181
CVSS v3.1: 7.8 (High)
Vector: AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
Name of the Vulnerable Software and Affected Versions: Dell EMC Isilon OneFS versions 8.1 and later; Dell EMC PowerScale OneFS version 9.0.0
Description: Privilege escalation on a SmartLock Compliance mode cluster. The compadmin user, logged in over SSH (ISI_PRIV_LOGIN_SSH) or the serial console (ISI_PRIV_LOGIN_CONSOLE), can elevate to the root user if the account also holds the ISI_PRIV_HARDENING privilege. This matters because on a Compliance mode cluster the root account is deliberately disabled and compadmin is meant to be the bounded administrative identity; the vulnerability removes that boundary for anyone holding the privilege combination (CVSS: local, low complexity, low privileges required, full impact on confidentiality, integrity and availability).
Recommendations: The exploitable precondition is the same on both affected product lines: one account that holds a login privilege (ISI_PRIV_LOGIN_SSH or ISI_PRIV_LOGIN_CONSOLE) and ISI_PRIV_HARDENING at the same time. Apply the fixed OneFS release published in Dell's advisory for CVE-2020-26181. Until the fix is installed, break the combination: remove ISI_PRIV_HARDENING from every role assigned to compadmin (and to any other account that can log in over SSH or the console), or withdraw ISI_PRIV_LOGIN_SSH and ISI_PRIV_LOGIN_CONSOLE from those accounts. Review the privileges each role grants with `isi auth roles view <role>` and the defined privilege set with `isi auth privileges list`; check every role a member belongs to, because the two privileges may be granted by different roles and still combine on the same account.
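As an added audit example (not part of this advisory and not Dell's own tooling), the following script checks a OneFS role listing for the precondition described above: any member that accumulates a login privilege and ISI_PRIV_HARDENING across its roles. It generalizes from the compadmin case to every member and catches the case where the two privileges come from different roles. The JSON layout (assumed to follow the Platform API's /platform/1/auth/roles response), the sample data and the helper names are assumptions made for this example.

```python
"""Audit OneFS role assignments for the CVE-2020-26181 precondition.

A member is flagged when the union of privileges across all of its roles
contains a login privilege (ISI_PRIV_LOGIN_SSH or ISI_PRIV_LOGIN_CONSOLE)
together with ISI_PRIV_HARDENING. The input layout mirrors the JSON the
OneFS Platform API returns from /platform/1/auth/roles (assumed here;
confirm it against your cluster before relying on the result).
"""
import json

LOGIN_PRIVS = {"ISI_PRIV_LOGIN_SSH", "ISI_PRIV_LOGIN_CONSOLE"}
HARDENING_PRIV = "ISI_PRIV_HARDENING"

# Constructed sample document for this example, not captured from a cluster.
SAMPLE_ROLES_JSON = """
{
  "roles": [
    {"name": "ComplianceAdmin",
     "members": [{"name": "compadmin", "type": "user"}],
     "privileges": [{"id": "ISI_PRIV_LOGIN_SSH"},
                    {"id": "ISI_PRIV_LOGIN_CONSOLE"},
                    {"id": "ISI_PRIV_HARDENING"}]},
    {"name": "AuditAdmin",
     "members": [{"name": "auditor", "type": "user"}],
     "privileges": [{"id": "ISI_PRIV_LOGIN_PAPI"},
                    {"id": "ISI_PRIV_AUDIT"}]},
    {"name": "SecurityAdmin",
     "members": [{"name": "secadmin", "type": "user"},
                 {"name": "StorageAdmins", "type": "group"}],
     "privileges": [{"id": "ISI_PRIV_LOGIN_SSH"}]},
    {"name": "HardeningOps",
     "members": [{"name": "secadmin", "type": "user"}],
     "privileges": [{"id": "ISI_PRIV_HARDENING"}]}
  ]
}
"""


def effective_privileges(roles_doc):
    """Map each (type, name) member to the privilege ids and roles it accumulates."""
    table = {}
    for role in roles_doc.get("roles", []):
        ids = {p["id"] for p in role.get("privileges", [])}
        for member in role.get("members", []):
            key = (member.get("type", "user"), member["name"])
            entry = table.setdefault(key, {"privs": set(), "roles": set()})
            entry["privs"].update(ids)
            entry["roles"].add(role["name"])
    return table


def find_escalation_paths(roles_doc):
    """Return the members whose accumulated privileges satisfy the precondition.

    Groups are reported as well: a group carrying the combination hands it to
    every group member, so expand group membership before dismissing a finding.
    """
    findings = []
    for (mtype, name), entry in effective_privileges(roles_doc).items():
        login = sorted(entry["privs"] & LOGIN_PRIVS)
        if login and HARDENING_PRIV in entry["privs"]:
            findings.append({"member": name, "type": mtype, "login": login,
                             "roles": sorted(entry["roles"])})
    return sorted(findings, key=lambda f: (f["type"], f["member"]))


def audit_json(text):
    """Parse a roles document from JSON text and return the findings."""
    return find_escalation_paths(json.loads(text))


if __name__ == "__main__":
    for f in audit_json(SAMPLE_ROLES_JSON):
        print(f"{f['type']} {f['member']}: {' + '.join(f['login'])} + "
              f"{HARDENING_PRIV} via roles {', '.join(f['roles'])}")
```

Run against the sample it reports compadmin (both login privileges plus hardening in one role) and secadmin (SSH login from one role, hardening from another); auditor and the StorageAdmins group are not flagged. To use it on a cluster, feed it the roles JSON exported from the Platform API and remove ISI_PRIV_HARDENING, or the login privileges, from the roles named in each finding.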

Fix

Weakness Enumeration

Improper Privilege Management (CWE-269)

Related Identifiers

CVE-2020-26181

Affected Products

Dell EMC Isilon OneFS
Dell EMC PowerScale OneFS