Vulnerabilities > CVE-2020-26181 - Unspecified vulnerability in Dell EMC Isilon Onefs and EMC Powerscale Onefs

CVSS 7.2 - HIGH

Attack vector

LOCAL

Attack complexity

LOW

Privileges required

NONE

Confidentiality impact

COMPLETE

Integrity impact

COMPLETE

Availability impact

COMPLETE

local

low complexity

dell

NVD

Published: 2021-01-05

Updated: 2021-10-04

Summary

Dell EMC Isilon OneFS versions 8.1 and later and Dell EMC PowerScale OneFS version 9.0.0 contain a privilege escalation vulnerability on a SmartLock Compliance mode cluster. The compadmin user connecting using ISI PRIV LOGIN SSH or ISI PRIV LOGIN CONSOLE can elevate privileges to the root user if they have ISI PRIV HARDENING privileges.

Vulnerable Configurations

Part	Description	Count
Application	Dell Dell EMC Isilon Onefs 7.1.1.11 Dell EMC Isilon Onefs 7.2.1.0 Dell EMC Isilon Onefs 7.2.1.1 Dell EMC Isilon Onefs 7.2.1.2 Dell EMC Isilon Onefs 7.2.1.3 Dell EMC Isilon Onefs 7.2.1.4 Dell EMC Isilon Onefs 7.2.1.5 Dell EMC Isilon Onefs 7.2.1.6 Dell EMC Isilon Onefs 8.0.0.0 Dell EMC Isilon Onefs 8.0.0.1 Dell EMC Isilon Onefs 8.0.0.2 Dell EMC Isilon Onefs 8.0.0.3 Dell EMC Isilon Onefs 8.0.0.4 Dell EMC Isilon Onefs 8.0.0.5 Dell EMC Isilon Onefs 8.0.0.6 Dell EMC Isilon Onefs 8.0.0.7 Dell EMC Isilon Onefs 8.0.1.0 Dell EMC Isilon Onefs 8.0.1.1 Dell EMC Isilon Onefs 8.0.1.2 Dell EMC Isilon Onefs 8.1.0.0	20
OS	Dell Dell EMC Powerscale Onefs 9.0.0	1

References

https://www.dell.com/support/security/en-us/details/546720/DSA-2020-227-Dell-EMC-PowerScale-OneFS-and-Dell-EMC-Isilon-OneFS-Security-Update-for-SmartLock-Co