ID

VAR-202003-1492


CVE

CVE-2020-5328


TITLE

Dell EMC Isilon OneFS vulnerability regarding lack of authentication for critical features

Trust: 0.8

sources: JVNDB: JVNDB-2020-002513

DESCRIPTION

Dell EMC Isilon OneFS versions prior to 8.2.0 contain an unauthorized access vulnerability due to a lack of thorough authorization checks when SyncIQ is licensed but encrypted syncs are not marked as required. When this happens, loss of control of the cluster can occur. Dell EMC Isilon OneFS contains a vulnerability related to a lack of authentication for critical features. Information may be obtained or tampered with, and service operation may be interrupted (DoS). Dell EMC Isilon OneFS is a scale-out storage system for unstructured data from Dell. An attacker could exploit this vulnerability with a specially crafted request to bypass security restrictions and compromise the system.

Trust: 1.71

sources: NVD: CVE-2020-5328 // JVNDB: JVNDB-2020-002513 // VULHUB: VHN-183453

AFFECTED PRODUCTS

vendor: dell, model: emc isilon onefs, scope: lt, version: 8.2.0

Trust: 1.0

vendor: dell emc old emc, model: isilon onefs, scope: eq, version: 8.2.0

Trust: 0.8

vendor: dell, model: emc isilon onefs, scope: eq, version: 8.1.0.4

Trust: 0.6

vendor: dell, model: emc isilon onefs, scope: eq, version: 8.1.2

Trust: 0.6

vendor: dell, model: emc isilon onefs, scope: eq, version: 7.2.1.3

Trust: 0.6

vendor: dell, model: emc isilon onefs, scope: eq, version: 7.2.1.2

Trust: 0.6

vendor: dell, model: emc isilon onefs, scope: eq, version: 7.2.1.6

Trust: 0.6

vendor: dell, model: emc isilon onefs, scope: eq, version: 7.2.1.0

Trust: 0.6

vendor: dell, model: emc isilon onefs, scope: eq, version: 7.2.1.5

Trust: 0.6

vendor: dell, model: emc isilon onefs, scope: eq, version: 7.1.1.11

Trust: 0.6

vendor: dell, model: emc isilon onefs, scope: eq, version: 7.2.1.4

Trust: 0.6

vendor: dell, model: emc isilon onefs, scope: eq, version: 7.2.1.1

Trust: 0.6

sources: JVNDB: JVNDB-2020-002513 // CNNVD: CNNVD-202003-251 // NVD: CVE-2020-5328

CVSS

SEVERITY

nvd@nist.gov: CVE-2020-5328
value: CRITICAL

Trust: 1.0

security_alert@emc.com: CVE-2020-5328
value: CRITICAL

Trust: 1.0

NVD: JVNDB-2020-002513
value: CRITICAL

Trust: 0.8

CNNVD: CNNVD-202003-251
value: CRITICAL

Trust: 0.6

VULHUB: VHN-183453
value: HIGH

Trust: 0.1

CVSSV2

nvd@nist.gov: CVE-2020-5328
severity: HIGH
baseScore: 10.0
vectorString: AV:N/AC:L/AU:N/C:C/I:C/A:C
accessVector: NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: COMPLETE
integrityImpact: COMPLETE
availabilityImpact: COMPLETE
exploitabilityScore: 10.0
impactScore: 10.0
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 1.0

NVD: JVNDB-2020-002513
severity: HIGH
baseScore: 10.0
vectorString: AV:N/AC:L/AU:N/C:C/I:C/A:C
accessVector: NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: COMPLETE
integrityImpact: COMPLETE
availabilityImpact: COMPLETE
exploitabilityScore: NONE
impactScore: NONE
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.8

VULHUB: VHN-183453
severity: HIGH
baseScore: 10.0
vectorString: AV:N/AC:L/AU:N/C:C/I:C/A:C
accessVector: NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: COMPLETE
integrityImpact: COMPLETE
availabilityImpact: COMPLETE
exploitabilityScore: 10.0
impactScore: 10.0
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.1

CVSSV3

nvd@nist.gov: CVE-2020-5328
baseSeverity: CRITICAL
baseScore: 9.8
vectorString: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
attackVector: NETWORK
attackComplexity: LOW
privilegesRequired: NONE
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: HIGH
integrityImpact: HIGH
availabilityImpact: HIGH
exploitabilityScore: 3.9
impactScore: 5.9
version: 3.1

Trust: 2.0

NVD: JVNDB-2020-002513
baseSeverity: CRITICAL
baseScore: 9.8
vectorString: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
attackVector: NETWORK
attackComplexity: LOW
privilegesRequired: NONE
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: HIGH
integrityImpact: HIGH
availabilityImpact: HIGH
exploitabilityScore: NONE
impactScore: NONE
version: 3.0

Trust: 0.8

sources: VULHUB: VHN-183453 // JVNDB: JVNDB-2020-002513 // CNNVD: CNNVD-202003-251 // NVD: CVE-2020-5328 // NVD: CVE-2020-5328

PROBLEMTYPE DATA

problemtype: CWE-306

Trust: 1.9

sources: VULHUB: VHN-183453 // JVNDB: JVNDB-2020-002513 // NVD: CVE-2020-5328

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-202003-251

TYPE

access control error

Trust: 0.6

sources: CNNVD: CNNVD-202003-251

CONFIGURATIONS

sources: JVNDB: JVNDB-2020-002513

PATCH

title: DSA-2020-039: Dell EMC Isilon OneFS Security Update for a SyncIQ Vulnerability
url: https://www.dell.com/support/security/ja-jp/details/541423/DSA-2020-039-Dell-EMC-Isilon-OneFS-Security-Update-for-a-SyncIQ-Vulnerability

Trust: 0.8

title: Dell EMC Isilon OneFS Fixes for access control error vulnerabilities
url: http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=111636

Trust: 0.6

sources: JVNDB: JVNDB-2020-002513 // CNNVD: CNNVD-202003-251

EXTERNAL IDS

db: NVD, id: CVE-2020-5328

Trust: 2.5

db: JVNDB, id: JVNDB-2020-002513

Trust: 0.8

db: CNNVD, id: CNNVD-202003-251

Trust: 0.7

db: CNVD, id: CNVD-2020-16486

Trust: 0.1

db: VULHUB, id: VHN-183453

Trust: 0.1

sources: VULHUB: VHN-183453 // JVNDB: JVNDB-2020-002513 // CNNVD: CNNVD-202003-251 // NVD: CVE-2020-5328

REFERENCES

url:https://www.dell.com/support/security/en-us/details/541423/dsa-2020-039-dell-emc-isilon-onefs-security-update-for-a-synciq-vulnerability

Trust: 1.7

url:https://nvd.nist.gov/vuln/detail/cve-2020-5328

Trust: 1.4

url:https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2020-5328

Trust: 0.8

sources: VULHUB: VHN-183453 // JVNDB: JVNDB-2020-002513 // CNNVD: CNNVD-202003-251 // NVD: CVE-2020-5328

SOURCES

db: VULHUB, id: VHN-183453
db: JVNDB, id: JVNDB-2020-002513
db: CNNVD, id: CNNVD-202003-251
db: NVD, id: CVE-2020-5328

LAST UPDATE DATE

2024-11-23T22:21:14.507000+00:00


SOURCES UPDATE DATE

db: VULHUB, id: VHN-183453, date: 2020-03-09T00:00:00
db: JVNDB, id: JVNDB-2020-002513, date: 2020-03-18T00:00:00
db: CNNVD, id: CNNVD-202003-251, date: 2020-03-13T00:00:00
db: NVD, id: CVE-2020-5328, date: 2024-11-21T05:33:55.317

SOURCES RELEASE DATE

db: VULHUB, id: VHN-183453, date: 2020-03-06T00:00:00
db: JVNDB, id: JVNDB-2020-002513, date: 2020-03-18T00:00:00
db: CNNVD, id: CNNVD-202003-251, date: 2020-03-06T00:00:00
db: NVD, id: CVE-2020-5328, date: 2020-03-06T21:15:15.687