Details of VAR-202005-0879

ID

VAR-202005-0879

CVE

CVE-2020-5364

TITLE

Dell EMC Isilon OneFS Vulnerability regarding information leakage in

Trust: 0.8

sources: JVNDB: JVNDB-2020-005633

DESCRIPTION

Dell EMC Isilon OneFS versions 8.2.2 and earlier contain an SNMPv2 vulnerability. The SNMPv2 services is enabled, by default, with a pre-configured community string. This community string allows read-only access to many aspects of the Isilon cluster, some of which are considered sensitive and can foster additional access. Attackers can exploit this vulnerability to read part of the Isilon cluster

Trust: 1.71

sources: NVD: CVE-2020-5364 // JVNDB: JVNDB-2020-005633 // VULHUB: VHN-183489

AFFECTED PRODUCTS

vendor:	dell	model:	emc isilon onefs	scope:	lte	version:	8.2.2	Trust: 1.0
vendor:	dell	model:	emc isilon onefs	scope:	eq	version:	8.2.2	Trust: 0.8

sources: JVNDB: JVNDB-2020-005633 // NVD: CVE-2020-5364

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov:	CVE-2020-5364
value:	HIGH
Trust: 1.0
security_alert@emc.com:	CVE-2020-5364
value:	MEDIUM
Trust: 1.0
NVD:	JVNDB-2020-005633
value:	HIGH
Trust: 0.8
CNNVD:	CNNVD-202005-1104
value:	HIGH
Trust: 0.6
VULHUB:	VHN-183489
value:	MEDIUM
Trust: 0.1

nvd@nist.gov:	CVE-2020-5364
severity:	MEDIUM
baseScore:	5.0
vectorString:	AV:N/AC:L/AU:N/C:P/I:N/A:N
accessVector:	NETWORK
accessComplexity:	LOW
authentication:	NONE
confidentialityImpact:	PARTIAL
integrityImpact:	NONE
availabilityImpact:	NONE
exploitabilityScore:	10.0
impactScore:	2.9
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 1.0
NVD:	JVNDB-2020-005633
severity:	MEDIUM
baseScore:	5.0
vectorString:	AV:N/AC:L/AU:N/C:P/I:N/A:N
accessVector:	NETWORK
accessComplexity:	LOW
authentication:	NONE
confidentialityImpact:	PARTIAL
integrityImpact:	NONE
availabilityImpact:	NONE
exploitabilityScore:	NONE
impactScore:	NONE
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 0.8
VULHUB:	VHN-183489
severity:	MEDIUM
baseScore:	5.0
vectorString:	AV:N/AC:L/AU:N/C:P/I:N/A:N
accessVector:	NETWORK
accessComplexity:	LOW
authentication:	NONE
confidentialityImpact:	PARTIAL
integrityImpact:	NONE
availabilityImpact:	NONE
exploitabilityScore:	10.0
impactScore:	2.9
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 0.1

nvd@nist.gov:	CVE-2020-5364
baseSeverity:	HIGH
baseScore:	7.5
vectorString:	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
attackVector:	NETWORK
attackComplexity:	LOW
privilegesRequired:	NONE
userInteraction:	NONE
scope:	UNCHANGED
confidentialityImpact:	HIGH
integrityImpact:	NONE
availabilityImpact:	NONE
exploitabilityScore:	3.9
impactScore:	3.6
version:	3.1
Trust: 1.0
security_alert@emc.com:	CVE-2020-5364
baseSeverity:	MEDIUM
baseScore:	5.3
vectorString:	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L
attackVector:	NETWORK
attackComplexity:	LOW
privilegesRequired:	NONE
userInteraction:	NONE
scope:	UNCHANGED
confidentialityImpact:	NONE
integrityImpact:	NONE
availabilityImpact:	LOW
exploitabilityScore:	3.9
impactScore:	1.4
version:	3.1
Trust: 1.0
NVD:	JVNDB-2020-005633
baseSeverity:	HIGH
baseScore:	7.5
vectorString:	CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
attackVector:	NETWORK
attackComplexity:	LOW
privilegesRequired:	NONE
userInteraction:	NONE
scope:	UNCHANGED
confidentialityImpact:	HIGH
integrityImpact:	NONE
availabilityImpact:	NONE
exploitabilityScore:	NONE
impactScore:	NONE
version:	3.0
Trust: 0.8

sources: VULHUB: VHN-183489 // JVNDB: JVNDB-2020-005633 // CNNVD: CNNVD-202005-1104 // NVD: CVE-2020-5364 // NVD: CVE-2020-5364

PROBLEMTYPE DATA

problemtype:	CWE-200	Trust: 1.9
problemtype:	CWE-201	Trust: 1.0

sources: VULHUB: VHN-183489 // JVNDB: JVNDB-2020-005633 // NVD: CVE-2020-5364

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-202005-1104

TYPE

information disclosure

Trust: 0.6

sources: CNNVD: CNNVD-202005-1104

CONFIGURATIONS

sources: JVNDB: JVNDB-2020-005633

PATCH

title:	DSA-2020-124: Dell EMC Isilon OneFS Security Update for Multiple Vulnerabilities	url:	https://www.dell.com/support/security/ja-jp/details/543775/DSA-2020-124-Dell-EMC-Isilon-OneFS-Security-Update-for-Multiple-Vulnerabilities	Trust: 0.8
title:	Dell EMC Isilon OneFS Repair measures for information disclosure vulnerabilities	url:	http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=119393	Trust: 0.6

sources: JVNDB: JVNDB-2020-005633 // CNNVD: CNNVD-202005-1104

EXTERNAL IDS

db:	NVD	id:	CVE-2020-5364	Trust: 2.5
db:	JVNDB	id:	JVNDB-2020-005633	Trust: 0.8
db:	CNNVD	id:	CNNVD-202005-1104	Trust: 0.7
db:	NSFOCUS	id:	47405	Trust: 0.6
db:	CNVD	id:	CNVD-2020-31248	Trust: 0.1
db:	VULHUB	id:	VHN-183489	Trust: 0.1

sources: VULHUB: VHN-183489 // JVNDB: JVNDB-2020-005633 // CNNVD: CNNVD-202005-1104 // NVD: CVE-2020-5364

REFERENCES

url:	https://www.dell.com/support/security/en-us/details/543775/dsa-2020-124-dell-emc-isilon-onefs-security-update-for-multiple-vulnerabilities	Trust: 1.7
url:	https://nvd.nist.gov/vuln/detail/cve-2020-5364	Trust: 1.4
url:	https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2020-5364	Trust: 0.8
url:	http://www.nsfocus.net/vulndb/47405	Trust: 0.6

sources: VULHUB: VHN-183489 // JVNDB: JVNDB-2020-005633 // CNNVD: CNNVD-202005-1104 // NVD: CVE-2020-5364

SOURCES

db:	VULHUB	id:	VHN-183489
db:	JVNDB	id:	JVNDB-2020-005633
db:	CNNVD	id:	CNNVD-202005-1104
db:	NVD	id:	CVE-2020-5364

LAST UPDATE DATE

2024-11-23T21:59:17.764000+00:00

SOURCES UPDATE DATE

db:	VULHUB	id:	VHN-183489	date:	2020-05-21T00:00:00
db:	JVNDB	id:	JVNDB-2020-005633	date:	2020-06-18T00:00:00
db:	CNNVD	id:	CNNVD-202005-1104	date:	2020-08-05T00:00:00
db:	NVD	id:	CVE-2020-5364	date:	2024-11-21T05:34:00.290

SOURCES RELEASE DATE

db:	VULHUB	id:	VHN-183489	date:	2020-05-20T00:00:00
db:	JVNDB	id:	JVNDB-2020-005633	date:	2020-06-18T00:00:00
db:	CNNVD	id:	CNNVD-202005-1104	date:	2020-05-20T00:00:00
db:	NVD	id:	CVE-2020-5364	date:	2020-05-20T21:15:09.977