PT-2021-11222 · Dell Emc · Dell Emc Powerscale Onefs
Published 2021-02-09 · Updated 2021-02-12
CVE-2020-26194
CVSS v3.1: 7.8 (High)
Vector: AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
Name of the Vulnerable Software and Affected Versions:
Dell EMC PowerScale OneFS versions 8.1.2 and 8.2.2
Description:
The issue is related to an Incorrect Permission Assignment for a Critical Resource, which may allow a non-admin user with either ISI_PRIV_LOGIN_CONSOLE or ISI_PRIV_LOGIN_SSH privileges to exploit the vulnerability. This could lead to compromised cryptographic operations. It is noted that no non-admin users or roles have these privileges by default.
Recommendations:
For version 8.1.2, consider restricting access to critical resources to prevent exploitation.
For version 8.2.2, consider restricting access to critical resources to prevent exploitation.
As a temporary workaround, consider disabling the privileges ISI_PRIV_LOGIN_CONSOLE and ISI_PRIV_LOGIN_SSH for non-admin users until a patch is available.
Fix
Incorrect Permission
Affected Products
Dell Emc Powerscale Onefs