Main Vulnerability Database Vulnerabilities #VU46668

Incorrect permission assignment for critical resource in EMC Isilon OneFS - CVE-2020-5369

Published: September 2, 2020 / Updated: September 12, 2020

Vulnerability identifier: #VU46668

CSH Severity: High

CVSSv4.0: CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Amber

CVE-ID: CVE-2020-5369

CWE-ID: CWE-732

Exploitation vector: Remote access

Exploit availability: No public exploit available

Vulnerable software:
EMC Isilon OneFS

Software vendor:
Dell

Description

The vulnerability allows a remote authenticated user to execute arbitrary code.

Dell EMC Isilon OneFS versions 8.2.2 and earlier and Dell EMC PowerScale OneFS version 9.0.0 contain a privilege escalation vulnerability. An authenticated malicious user may exploit this vulnerability by using SyncIQ to gain unauthorized access to system management files.

Remediation

Install update from vendor's website.

External links

https://www.dell.com/support/security/en-us/details/546160/DSA-2020-142-Dell-EMC-Isilon-OneFS-and-Dell-EMC-PowerScale-OneFS-Security-Update-for-SyncIQ-Privi

Incorrect permission assignment for critical resource in EMC Isilon OneFS - CVE-2020-5369

Description

Remediation

External links

Please verify you're human