ID

VAR-202101-0318


CVE

CVE-2020-26181


TITLE

Dell EMC Isilon OneFS and Dell EMC PowerScale OneFS Vulnerability in privilege management

Trust: 0.8

sources: JVNDB: JVNDB-2020-015136

DESCRIPTION

Dell EMC Isilon OneFS versions 8.1 and later and Dell EMC PowerScale OneFS version 9.0.0 contain a privilege escalation vulnerability on a SmartLock Compliance mode cluster. The compadmin user connecting using ISI_PRIV_LOGIN_SSH or ISI_PRIV_LOGIN_CONSOLE can elevate privileges to the root user if they have ISI_PRIV_HARDENING privileges.

Trust: 1.71

sources: NVD: CVE-2020-26181 // JVNDB: JVNDB-2020-015136 // VULHUB: VHN-180234

AFFECTED PRODUCTS

vendor: dell, model: emc isilon onefs, scope: lte, version: 8.1.0.0

Trust: 1.0

vendor: dell, model: emc powerscale onefs, scope: eq, version: 9.0.0

Trust: 1.0

vendor: Dell, model: dell emc isilon onefs, scope: -, version: -

Trust: 0.8

vendor: Dell, model: emc powerscale onefs, scope: -, version: -

Trust: 0.8

sources: JVNDB: JVNDB-2020-015136 // NVD: CVE-2020-26181

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov: CVE-2020-26181
value: HIGH

Trust: 1.0

security_alert@emc.com: CVE-2020-26181
value: HIGH

Trust: 1.0

NVD: CVE-2020-26181
value: HIGH

Trust: 0.8

CNNVD: CNNVD-202101-233
value: HIGH

Trust: 0.6

VULHUB: VHN-180234
value: HIGH

Trust: 0.1

nvd@nist.gov: CVE-2020-26181
severity: HIGH
baseScore: 7.2
vectorString: AV:L/AC:L/AU:N/C:C/I:C/A:C
accessVector: LOCAL
accessComplexity: LOW
authentication: NONE
confidentialityImpact: COMPLETE
integrityImpact: COMPLETE
availabilityImpact: COMPLETE
exploitabilityScore: 3.9
impactScore: 10.0
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 1.8

VULHUB: VHN-180234
severity: HIGH
baseScore: 7.2
vectorString: AV:L/AC:L/AU:N/C:C/I:C/A:C
accessVector: LOCAL
accessComplexity: LOW
authentication: NONE
confidentialityImpact: COMPLETE
integrityImpact: COMPLETE
availabilityImpact: COMPLETE
exploitabilityScore: 3.9
impactScore: 10.0
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.1

nvd@nist.gov: CVE-2020-26181
baseSeverity: HIGH
baseScore: 7.8
vectorString: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
attackVector: LOCAL
attackComplexity: LOW
privilegesRequired: LOW
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: HIGH
integrityImpact: HIGH
availabilityImpact: HIGH
exploitabilityScore: 1.8
impactScore: 5.9
version: 3.1

Trust: 1.0

security_alert@emc.com: CVE-2020-26181
baseSeverity: HIGH
baseScore: 7.0
vectorString: CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H
attackVector: LOCAL
attackComplexity: HIGH
privilegesRequired: LOW
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: HIGH
integrityImpact: HIGH
availabilityImpact: HIGH
exploitabilityScore: 1.0
impactScore: 5.9
version: 3.1

Trust: 1.0

NVD: CVE-2020-26181
baseSeverity: HIGH
baseScore: 7.8
vectorString: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
attackVector: LOCAL
attackComplexity: LOW
privilegesRequired: LOW
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: HIGH
integrityImpact: HIGH
availabilityImpact: HIGH
exploitabilityScore: NONE
impactScore: NONE
version: 3.0

Trust: 0.8

sources: VULHUB: VHN-180234 // JVNDB: JVNDB-2020-015136 // CNNVD: CNNVD-202101-233 // NVD: CVE-2020-26181 // NVD: CVE-2020-26181

PROBLEMTYPE DATA

problemtype: CWE-269

Trust: 1.1

problemtype: NVD-CWE-noinfo

Trust: 1.0

problemtype: Improper authority management (CWE-269) [NVD Evaluation]

Trust: 0.8

sources: VULHUB: VHN-180234 // JVNDB: JVNDB-2020-015136 // NVD: CVE-2020-26181

THREAT TYPE

local

Trust: 0.6

sources: CNNVD: CNNVD-202101-233

TYPE

other

Trust: 0.6

sources: CNNVD: CNNVD-202101-233

PATCH

title: DSA-2020-227, url: https://www.dell.com/support/kbdoc/ja-jp/000180922/dsa-2020-227-dell-emc-powerscale-onefs-and-dell-emc-isilon-onefs-security-update-for-smartlock-compliance-mode-privilege-escalation-vulnerability

Trust: 0.8

title: Dell EMC Isilon OneFS and Dell EMC PowerScale Security vulnerabilities, url: http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=138389

Trust: 0.6

sources: JVNDB: JVNDB-2020-015136 // CNNVD: CNNVD-202101-233

EXTERNAL IDS

db: NVD, id: CVE-2020-26181

Trust: 2.5

db: JVNDB, id: JVNDB-2020-015136

Trust: 0.8

db: CNNVD, id: CNNVD-202101-233

Trust: 0.6

db: VULHUB, id: VHN-180234

Trust: 0.1

sources: VULHUB: VHN-180234 // JVNDB: JVNDB-2020-015136 // CNNVD: CNNVD-202101-233 // NVD: CVE-2020-26181

REFERENCES

url:https://www.dell.com/support/security/en-us/details/546720/dsa-2020-227-dell-emc-powerscale-onefs-and-dell-emc-isilon-onefs-security-update-for-smartlock-co

Trust: 1.7

url:https://nvd.nist.gov/vuln/detail/cve-2020-26181

Trust: 1.4

sources: VULHUB: VHN-180234 // JVNDB: JVNDB-2020-015136 // CNNVD: CNNVD-202101-233 // NVD: CVE-2020-26181

SOURCES

db: VULHUB, id: VHN-180234
db: JVNDB, id: JVNDB-2020-015136
db: CNNVD, id: CNNVD-202101-233
db: NVD, id: CVE-2020-26181

LAST UPDATE DATE

2024-11-23T22:33:09.913000+00:00


SOURCES UPDATE DATE

db: VULHUB, id: VHN-180234, date: 2021-10-04T00:00:00
db: JVNDB, id: JVNDB-2020-015136, date: 2021-09-10T08:55:00
db: CNNVD, id: CNNVD-202101-233, date: 2021-10-08T00:00:00
db: NVD, id: CVE-2020-26181, date: 2024-11-21T05:19:28.060

SOURCES RELEASE DATE

db: VULHUB, id: VHN-180234, date: 2021-01-05T00:00:00
db: JVNDB, id: JVNDB-2020-015136, date: 2021-09-10T00:00:00
db: CNNVD, id: CNNVD-202101-233, date: 2021-01-05T00:00:00
db: NVD, id: CVE-2020-26181, date: 2021-01-05T22:15:13.673