HIGH✓ PATCH🇬🇧 English

CVE-2020-26181

CVSS 7.0v3.1pub. 2021-01-05upd. 2024-11-21

Dell EMC Isilon OneFS versions 8.1 and later and Dell EMC PowerScale OneFS version 9.0.0 contain a privilege escalation vulnerability on a SmartLock Compliance mode cluster. The compadmin user connecting using ISI PRIV LOGIN SSH or ISI PRIV LOGIN CONSOLE can elevate privileges to the root user if they have ISI PRIV HARDENING privileges.

oryginał EN
CVSS Vector
CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H
  • Dell Emc Isilon Onefs

    APP
    Dell
    ≤ 8.1.0.0
  • Dell Emc Powerscale Onefs

    OS
    Dell
    9.0.0
🟢
PATCH DOSTĘPNY
Aktualizacja od producenta gotowa. Wdrożenie w ramach standardowego cyklu.
Tagi
LPE
CWE
Referencje

Powiązane podatności

CVE-2022-26851CRITICAL9.1ten sam produkt

Dell PowerScale OneFS, 8.2.2-9.3.x, contains a predictable file name from observable state vulnerability. An u...

CVE-2021-21502CRITICAL9.8ten sam produkt

Dell PowerScale OneFS versions 8.1.0 – 9.1.0 contain a "use of SSH key past account expiration" vulnerability....

CVE-2020-5328CRITICAL9.8ten sam produkt

Dell EMC Isilon OneFS versions prior to 8.2.0 contain an unauthorized access vulnerability due to a lack of th...

CVE-2023-25941HIGH7.8ten sam produkt

Dell PowerScale OneFS versions 8.2.x-9.5.0.x contain an elevation of privilege vulnerability. A low-privilege...

CVE-2022-33934HIGH7.7ten sam produkt

Dell PowerScale OneFS, versions 8.2.x through 9.4.x contain multiple stored cross-site scripting vulnerabilit...