CVSS: 4.3 • EPSS: 0% • CPEs: 1 • EXPL: 0

21 Oct 2022 — The Dell Isilon OneFS versions 8.2.2 and earlier SSHD process improperly allows Transmission Control Protocol (TCP) and stream forwarding. This provides the remotesupport user and users with restricted shells more access than is intended. • https://support.emc.com/kb/543561 • CWE-276: Incorrect Default Permissions

CVSS: 9.0 • EPSS: 0% • CPEs: 2 • EXPL: 0

29 Jul 2021 — The Dell Isilon OneFS versions 8.2.2 and earlier and Dell EMC PowerScale OneFS version 9.0.0 default configuration for Network File System (NFS) allows access to an 'admin' home directory. An attacker may leverage a spoofed Unique Identifier (UID) over NFS to rewrite sensitive files to gain administrative access to the system. • https://support.emc.com/kb/542721 • CWE-276: Incorrect Default Permissions

CVSS: 8.8 • EPSS: 0% • CPEs: 2 • EXPL: 0

28 Jul 2021 — Dell EMC Isilon OneFS supported versions 8.1 and later and Dell EMC PowerScale OneFS supported version 9.0.0 contain an access issue with the remotesupport user account. A remote malicious user with low privileges may gain access to data stored on the /ifs directory through most protocols. • https://www.dell.com/support/security/en-us/details/546591/DSA-2020-225-Dell-EMC-Isilon-OneFS-and-Dell-EMC-PowerScale-OneFS-Security-Update-for-remotesuppor • CWE-276: Incorrect Default Permissions

CVSS: 7.8 • EPSS: 0% • CPEs: 2 • EXPL: 0

05 Jan 2021 — Dell EMC Isilon OneFS versions 8.1 and later and Dell EMC PowerScale OneFS version 9.0.0 contain a privilege escalation vulnerability on a SmartLock Compliance mode cluster. The compadmin user connecting using ISI_PRIV_LOGIN_SSH or ISI_PRIV_LOGIN_CONSOLE can elevate privileges to the root user if they have ISI_PRIV_HARDENING privileges. • https://www.dell.com/support/security/en-us/details/546720/DSA-2020-227-Dell-EMC-PowerScale-OneFS-and-Dell-EMC-Isilon-OneFS-Security-Update-for-SmartLock-Co • CWE-269: Improper Privilege Management

CVSS: 8.8 • EPSS: 0% • CPEs: 2 • EXPL: 0

06 Jul 2020 — Dell EMC Isilon OneFS versions 8.2.2 and earlier and Dell EMC PowerScale version 9.0.0 contain a file permissions vulnerability. An attacker, with network or local file access, could take advantage of insufficiently applied file permissions or gain unauthorized access to files. • https://www.dell.com/support/security/en-us/details/544593/DSA-2020-155-Dell-EMC-Isilon-OneFS-and-Dell-EMC-PowerScale-Security-Update-for-a-Permissions-Vuln • CWE-732: Incorrect Permission Assignment for Critical Resource

CVSS: 7.5 • EPSS: 0% • CPEs: 1 • EXPL: 0

20 May 2020 — Dell EMC Isilon versions 8.2.2 and earlier contain a remotesupport vulnerability. The pre-configured support account, remotesupport, is bundled in the Dell EMC Isilon OneFS installation. This account is used for diagnostics and other support functions. Although the default password is different for every cluster, it is predictable. • https://www.dell.com/support/security/en-us/details/543775/DSA-2020-124-Dell-EMC-Isilon-OneFS-Security-Update-for-Multiple-Vulnerabilities • CWE-330: Use of Insufficiently Random Values • CWE-341: Predictable from Observable State

CVSS: 7.5 • EPSS: 0% • CPEs: 1 • EXPL: 0

20 May 2020 — Dell EMC Isilon OneFS versions 8.2.2 and earlier contain an SNMPv2 vulnerability. The SNMPv2 service is enabled, by default, with a pre-configured community string. This community string allows read-only access to many aspects of the Isilon cluster, some of which are considered sensitive and can foster additional access. • https://www.dell.com/support/security/en-us/details/543775/DSA-2020-124-Dell-EMC-Isilon-OneFS-Security-Update-for-Multiple-Vulnerabilities • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor • CWE-201: Insertion of Sensitive Information Into Sent Data

CVSS: 7.5 • EPSS: 0% • CPEs: 1 • EXPL: 0

03 Apr 2020 — Dell EMC Isilon OneFS versions 8.2.2 and earlier contain a denial of service vulnerability. SmartConnect had an error condition that may be triggered to loop, using CPU and potentially preventing other SmartConnect DNS responses. • https://www.dell.com/support/security/en-us/details/542190/DSA-2020-054-Dell-EMC-Isilon-OneFS-Security-Update-for-DNS-Protocol-Vulnerabilities • CWE-400: Uncontrolled Resource Consumption

CVSS: 10.0 • EPSS: 0% • CPEs: 1 • EXPL: 0

06 Mar 2020 — Dell EMC Isilon OneFS versions prior to 8.2.0 contain an unauthorized access vulnerability due to a lack of thorough authorization checks when SyncIQ is licensed, but encrypted syncs are not marked as required. When this happens, loss of control of the cluster can occur. • https://www.dell.com/support/security/en-us/details/541423/DSA-2020-039-Dell-EMC-Isilon-OneFS-Security-Update-for-a-SyncIQ-Vulnerability • CWE-306: Missing Authentication for Critical Function

CVSS: 7.5 • EPSS: 0% • CPEs: 4 • EXPL: 0

06 Feb 2020 — Dell EMC Isilon OneFS versions 8.1.2, 8.1.0.4, 8.1.0.3, and 8.0.0.7 contain a vulnerability in some configurations. An attacker may exploit this vulnerability to gain access to restricted files. The non-RAN HTTP and WebDAV file-serving components have a vulnerability wherein, when either is enabled and Basic Authentication is enabled for either or both components, files are accessible without authentication. • https://www.dell.com/support/security/en-us/details/540708/DSA-2020-018-Dell-EMC-Isilon-OneFS-Security-Update-for-Improper-Authorization-Vulnerability • CWE-285: Improper Authorization • CWE-863: Incorrect Authorization