9 results (0.002 seconds)

CVSS: 4.3EPSS: 0%CPEs: 1EXPL: 0

The Dell Isilon OneFS versions 8.2.2 and earlier SSHD process improperly allows Transmission Control Protocol (TCP) and stream forwarding. This provides the remotesupport user and users with restricted shells more access than is intended. El proceso SSHD de Dell Isilon OneFS versiones 8.2.2 y anteriores, permite inapropiadamente el protocolo de control de transmisión (TCP) y el reenvío de flujos. Esto proporciona al usuario de soporte remoto y a los usuarios con shells restringidos más acceso del que es pretendido • https://support.emc.com/kb/543561 • CWE-276: Incorrect Default Permissions •

CVSS: 9.0EPSS: 0%CPEs: 2EXPL: 0

The Dell Isilon OneFS versions 8.2.2 and earlier and Dell EMC PowerScale OneFS version 9.0.0 default configuration for Network File System (NFS) allows access to an 'admin' home directory. An attacker may leverage a spoofed Unique Identifier (UID) over NFS to rewrite sensitive files to gain administrative access to the system. Dell Isilon OneFS versiones 8.2.2 y anteriores y Dell EMC PowerScale OneFS versiones 9.0.0, una configuración predeterminada para Network File System (NFS) permite el acceso a un directorio de inicio "admin". Un atacante puede aprovechar un Unique Identifier (UID) falsificado a través de NFS para reescribir archivos confidenciales y conseguir acceso administrativo al sistema • https://support.emc.com/kb/542721 • CWE-276: Incorrect Default Permissions •

CVSS: 8.8EPSS: 0%CPEs: 2EXPL: 0

Dell EMC Isilon OneFS versions 8.2.2 and earlier and Dell EMC PowerScale version 9.0.0 contain a file permissions vulnerability. An attacker, with network or local file access, could take advantage of insufficiently applied file permissions or gain unauthorized access to files. Dell EMC Isilon OneFS versiones 8.2.2 y anteriores y Dell EMC PowerScale versión 9.0.0, contiene una vulnerabilidad de permisos de archivos. Un atacante, con acceso a archivos de red o locales, podría tomar ventaja de permisos de archivos insuficientemente aplicados y conseguir acceso no autorizado a archivos • https://www.dell.com/support/security/en-us/details/544593/DSA-2020-155-Dell-EMC-Isilon-OneFS-and-Dell-EMC-PowerScale-Security-Update-for-a-Permissions-Vuln • CWE-732: Incorrect Permission Assignment for Critical Resource •

CVSS: 7.5EPSS: 0%CPEs: 1EXPL: 0

Dell EMC Isilon versions 8.2.2 and earlier contain a remotesupport vulnerability. The pre-configured support account, remotesupport, is bundled in the Dell EMC Isilon OneFS installation. This account is used for diagnostics and other support functions. Although the default password is different for every cluster, it is predictable. Dell EMC Isilon versiones 8.2.2 y anteriores, contienen una vulnerabilidad de remotesupport. • https://www.dell.com/support/security/en-us/details/543775/DSA-2020-124-Dell-EMC-Isilon-OneFS-Security-Update-for-Multiple-Vulnerabilities • CWE-330: Use of Insufficiently Random Values CWE-341: Predictable from Observable State •

CVSS: 7.5EPSS: 0%CPEs: 1EXPL: 0

Dell EMC Isilon OneFS versions 8.2.2 and earlier contain an SNMPv2 vulnerability. The SNMPv2 services is enabled, by default, with a pre-configured community string. This community string allows read-only access to many aspects of the Isilon cluster, some of which are considered sensitive and can foster additional access. Dell EMC Isilon OneFS versiones 8.2.2 y anteriores, contienen una vulnerabilidad de SNMPv2. Los servicios SNMPv2 están habilitados, por defecto, con una cadena de comunidad preconfigurada. • https://www.dell.com/support/security/en-us/details/543775/DSA-2020-124-Dell-EMC-Isilon-OneFS-Security-Update-for-Multiple-Vulnerabilities • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor CWE-201: Insertion of Sensitive Information Into Sent Data •