ID

VAR-202005-0880


CVE

CVE-2020-5365


TITLE

Dell EMC Isilon Vulnerability regarding the use of inadequate random values in

Trust: 0.8

sources: JVNDB: JVNDB-2020-005634

DESCRIPTION

Dell EMC Isilon versions 8.2.2 and earlier contain a remotesupport vulnerability. The pre-configured support account, remotesupport, is bundled in the Dell EMC Isilon OneFS installation. This account is used for diagnostics and other support functions. Although the default password is different for every cluster, it is predictable. Dell EMC Isilon OneFS is a scale-out storage system for unstructured data from Dell. An attacker could use the 'remotesupport' account to exploit this vulnerability to compromise the affected system.

Trust: 1.71

sources: NVD: CVE-2020-5365 // JVNDB: JVNDB-2020-005634 // VULHUB: VHN-183490

AFFECTED PRODUCTS

vendor: dell
model: emc isilon onefs
scope: lte
version: 8.2.2

Trust: 1.0

vendor: dell
model: emc isilon onefs
scope: eq
version: 8.2.2

Trust: 0.8

sources: JVNDB: JVNDB-2020-005634 // NVD: CVE-2020-5365

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov: CVE-2020-5365
value: HIGH

Trust: 1.0

security_alert@emc.com: CVE-2020-5365
value: MEDIUM

Trust: 1.0

NVD: JVNDB-2020-005634
value: HIGH

Trust: 0.8

CNNVD: CNNVD-202005-1105
value: HIGH

Trust: 0.6

VULHUB: VHN-183490
value: MEDIUM

Trust: 0.1

nvd@nist.gov: CVE-2020-5365
severity: MEDIUM
baseScore: 5.0
vectorString: AV:N/AC:L/AU:N/C:P/I:N/A:N
accessVector: NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: PARTIAL
integrityImpact: NONE
availabilityImpact: NONE
exploitabilityScore: 10.0
impactScore: 2.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 1.0

NVD: JVNDB-2020-005634
severity: MEDIUM
baseScore: 5.0
vectorString: AV:N/AC:L/AU:N/C:P/I:N/A:N
accessVector: NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: PARTIAL
integrityImpact: NONE
availabilityImpact: NONE
exploitabilityScore: NONE
impactScore: NONE
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.8

VULHUB: VHN-183490
severity: MEDIUM
baseScore: 5.0
vectorString: AV:N/AC:L/AU:N/C:P/I:N/A:N
accessVector: NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: PARTIAL
integrityImpact: NONE
availabilityImpact: NONE
exploitabilityScore: 10.0
impactScore: 2.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.1

nvd@nist.gov: CVE-2020-5365
baseSeverity: HIGH
baseScore: 7.5
vectorString: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
attackVector: NETWORK
attackComplexity: LOW
privilegesRequired: NONE
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: HIGH
integrityImpact: NONE
availabilityImpact: NONE
exploitabilityScore: 3.9
impactScore: 3.6
version: 3.1

Trust: 1.0

security_alert@emc.com: CVE-2020-5365
baseSeverity: MEDIUM
baseScore: 5.3
vectorString: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L
attackVector: NETWORK
attackComplexity: LOW
privilegesRequired: NONE
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: NONE
integrityImpact: NONE
availabilityImpact: LOW
exploitabilityScore: 3.9
impactScore: 1.4
version: 3.1

Trust: 1.0

NVD: JVNDB-2020-005634
baseSeverity: HIGH
baseScore: 7.5
vectorString: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
attackVector: NETWORK
attackComplexity: LOW
privilegesRequired: NONE
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: HIGH
integrityImpact: NONE
availabilityImpact: NONE
exploitabilityScore: NONE
impactScore: NONE
version: 3.0

Trust: 0.8

sources: VULHUB: VHN-183490 // JVNDB: JVNDB-2020-005634 // CNNVD: CNNVD-202005-1105 // NVD: CVE-2020-5365 // NVD: CVE-2020-5365

PROBLEMTYPE DATA

problemtype: CWE-330

Trust: 1.9

problemtype: CWE-341

Trust: 1.0

sources: VULHUB: VHN-183490 // JVNDB: JVNDB-2020-005634 // NVD: CVE-2020-5365

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-202005-1105

TYPE

security feature problem

Trust: 0.6

sources: CNNVD: CNNVD-202005-1105

CONFIGURATIONS

sources: JVNDB: JVNDB-2020-005634

PATCH

title: DSA-2020-124: Dell EMC Isilon OneFS Security Update for Multiple Vulnerabilities
url: https://www.dell.com/support/security/ja-jp/details/543775/DSA-2020-124-Dell-EMC-Isilon-OneFS-Security-Update-for-Multiple-Vulnerabilities

Trust: 0.8

title: Dell EMC Isilon OneFS Fixing measures for security feature vulnerabilities
url: http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=119394

Trust: 0.6

sources: JVNDB: JVNDB-2020-005634 // CNNVD: CNNVD-202005-1105

EXTERNAL IDS

db: NVD, id: CVE-2020-5365

Trust: 2.5

db: JVNDB, id: JVNDB-2020-005634

Trust: 0.8

db: CNNVD, id: CNNVD-202005-1105

Trust: 0.7

db: NSFOCUS, id: 47816

Trust: 0.6

db: CNVD, id: CNVD-2020-31249

Trust: 0.1

db: VULHUB, id: VHN-183490

Trust: 0.1

sources: VULHUB: VHN-183490 // JVNDB: JVNDB-2020-005634 // CNNVD: CNNVD-202005-1105 // NVD: CVE-2020-5365

REFERENCES

url: https://www.dell.com/support/security/en-us/details/543775/dsa-2020-124-dell-emc-isilon-onefs-security-update-for-multiple-vulnerabilities

Trust: 1.7

url: https://nvd.nist.gov/vuln/detail/cve-2020-5365

Trust: 1.4

url: https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2020-5365

Trust: 0.8

url: http://www.nsfocus.net/vulndb/47816

Trust: 0.6

sources: VULHUB: VHN-183490 // JVNDB: JVNDB-2020-005634 // CNNVD: CNNVD-202005-1105 // NVD: CVE-2020-5365

SOURCES

db: VULHUB, id: VHN-183490
db: JVNDB, id: JVNDB-2020-005634
db: CNNVD, id: CNNVD-202005-1105
db: NVD, id: CVE-2020-5365

LAST UPDATE DATE

2024-11-23T23:01:22.661000+00:00


SOURCES UPDATE DATE

db: VULHUB, id: VHN-183490, date: 2020-05-21T00:00:00
db: JVNDB, id: JVNDB-2020-005634, date: 2020-06-18T00:00:00
db: CNNVD, id: CNNVD-202005-1105, date: 2020-08-18T00:00:00
db: NVD, id: CVE-2020-5365, date: 2024-11-21T05:34:00.417

SOURCES RELEASE DATE

db: VULHUB, id: VHN-183490, date: 2020-05-20T00:00:00
db: JVNDB, id: JVNDB-2020-005634, date: 2020-06-18T00:00:00
db: CNNVD, id: CNNVD-202005-1105, date: 2020-05-20T00:00:00
db: NVD, id: CVE-2020-5365, date: 2020-05-20T21:15:10.087