PT-2021-11220 · Dell Emc · Dell Emc Powerscale Onefs

Published

2021-02-09

Updated

2021-02-12

CVE-2020-26192

CVSS v3.1

7.8

High

Vector

AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Name of the Vulnerable Software and Affected Versions: Dell EMC PowerScale OneFS versions 8.2.0 through 9.1.0

Description: The issue allows a non-admin user with either ISI PRIV LOGIN CONSOLE or ISI PRIV LOGIN SSH privileges to potentially exploit it and read arbitrary data, tamper with system software, or deny service to users. It is noted that no non-admin users or roles have these privileges by default.

Recommendations: For Dell EMC PowerScale OneFS versions 8.2.0 through 9.1.0, consider restricting access to non-admin users with ISI PRIV LOGIN CONSOLE or ISI PRIV LOGIN SSH privileges until a fix is available. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

Missing Authentication

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-306

Related Identifiers

CVE-2020-26192

Affected Products

Dell Emc Powerscale Onefs

PT-2021-11220 · Dell Emc · Dell Emc Powerscale Onefs

CVE-2020-26192

Weakness Enumeration

Related Identifiers

Affected Products

References · 4