Vulnerability Details CVE-2020-26181
Dell EMC Isilon OneFS versions 8.1 and later and Dell EMC PowerScale OneFS version 9.0.0 contain a privilege escalation vulnerability on a SmartLock Compliance mode cluster. The compadmin user connecting using ISI PRIV LOGIN SSH or ISI PRIV LOGIN CONSOLE can elevate privileges to the root user if they have ISI PRIV HARDENING privileges.
Exploit prediction scoring system (EPSS) score
EPSS Score 0.0
EPSS Ranking 10.6%
CVSS Severity
CVSS v3 Score 7.0
CVSS v2 Score 7.2
References
- https://www.dell.com/support/security/en-us/details/546720/DSA-2020-227-Dell-EMC-PowerScale-OneFS-and-Dell-EMC-Isilon-OneFS-Security-Update-for-SmartLock-Co
- https://www.dell.com/support/security/en-us/details/546720/DSA-2020-227-Dell-EMC-PowerScale-OneFS-and-Dell-EMC-Isilon-OneFS-Security-Update-for-SmartLock-Co
Products affected by CVE-2020-26181
-
cpe:2.3:a:dell:emc_isilon_onefs:7.1.1.11
-
cpe:2.3:a:dell:emc_isilon_onefs:7.2.1.0
-
cpe:2.3:a:dell:emc_isilon_onefs:7.2.1.1
-
cpe:2.3:a:dell:emc_isilon_onefs:7.2.1.2
-
cpe:2.3:a:dell:emc_isilon_onefs:7.2.1.3
-
cpe:2.3:a:dell:emc_isilon_onefs:7.2.1.4
-
cpe:2.3:a:dell:emc_isilon_onefs:7.2.1.5
-
cpe:2.3:a:dell:emc_isilon_onefs:7.2.1.6
-
cpe:2.3:a:dell:emc_isilon_onefs:8.0.0.0
-
cpe:2.3:a:dell:emc_isilon_onefs:8.0.0.1
-
cpe:2.3:a:dell:emc_isilon_onefs:8.0.0.2
-
cpe:2.3:a:dell:emc_isilon_onefs:8.0.0.3
-
cpe:2.3:a:dell:emc_isilon_onefs:8.0.0.4
-
cpe:2.3:a:dell:emc_isilon_onefs:8.0.0.5
-
cpe:2.3:a:dell:emc_isilon_onefs:8.0.0.6
-
cpe:2.3:a:dell:emc_isilon_onefs:8.0.0.7
-
cpe:2.3:a:dell:emc_isilon_onefs:8.0.1.0
-
cpe:2.3:a:dell:emc_isilon_onefs:8.0.1.1
-
cpe:2.3:a:dell:emc_isilon_onefs:8.0.1.2
-
cpe:2.3:a:dell:emc_isilon_onefs:8.1.0.0
-
cpe:2.3:o:dell:emc_powerscale_onefs:9.0.0