Vulnerabilities > CVE-2020-5318 - Incorrect Authorization vulnerability in Dell EMC Isilon Onefs

CVSS 7.5 - HIGH

Attack vector

NETWORK

Attack complexity

LOW

Privileges required

NONE

Confidentiality impact

HIGH

Integrity impact

NONE

Availability impact

NONE

network

low complexity

dell

CWE-863

NVD

Published: 2020-02-06

Updated: 2020-02-11

Summary

Dell EMC Isilon OneFS versions 8.1.2, 8.1.0.4, 8.1.0.3, and 8.0.0.7 contain a vulnerability in some configurations. An attacker may exploit this vulnerability to gain access to restricted files. The non-RAN HTTP and WebDAV file-serving components have a vulnerability wherein when either are enabled, and Basic Authentication is enabled for either or both components, files are accessible without authentication.

Vulnerable Configurations

Part	Description	Count
Application	Dell Dell EMC Isilon Onefs 8.1.2 Dell EMC Isilon Onefs 8.1.0.3 Dell EMC Isilon Onefs 8.0.0.7 Dell EMC Isilon Onefs 8.1.0.4	4

Common Weakness Enumeration (CWE)

CWE-863 - Incorrect Authorization

References

https://www.dell.com/support/security/en-us/details/540708/DSA-2020-018-Dell-EMC-Isilon-OneFS-Security-Update-for-Improper-Authorization-Vulnerability