Sign-up

ID

VAR-202102-0302


CVE

CVE-2020-26193


TITLE

Dell EMC PowerScale OneFS  In  OS  Command injection vulnerability

Trust: 0.8

sources: JVNDB: JVNDB-2020-015957

DESCRIPTION

Dell EMC PowerScale OneFS versions 8.1.0 - 9.1.0 contain an improper input validation vulnerability. A user with the ISI_PRIV_CLUSTER privilege may exploit this vulnerability, leading to the execution of arbitrary OS commands on the application's underlying OS, with the privileges of the vulnerable application. Dell EMC PowerScale OneFS Has OS A command injection vulnerability exists.Information is obtained, information is tampered with, and service is disrupted (DoS) It may be put into a state. There is currently no information about this vulnerability. Please keep an eye on CNNVD or vendor announcements

Trust: 1.8

sources: NVD: CVE-2020-26193 // JVNDB: JVNDB-2020-015957 // VULHUB: VHN-180247 // VULMON: CVE-2020-26193

AFFECTED PRODUCTS

vendor:dellmodel:emc powerscale onefsscope:eqversion:8.2.2

Trust: 1.0

vendor:dellmodel:emc powerscale onefsscope:eqversion:9.0.0

Trust: 1.0

vendor:dellmodel:emc powerscale onefsscope:eqversion:8.2.0

Trust: 1.0

vendor:dellmodel:emc powerscale onefsscope:eqversion:8.1.2

Trust: 1.0

vendor:dellmodel:emc powerscale onefsscope:eqversion:9.1.0

Trust: 1.0

vendor:dellmodel:emc powerscale onefsscope:eqversion:8.1.0

Trust: 1.0

vendor:dellmodel:emc powerscale onefsscope:eqversion:8.1.1

Trust: 1.0

vendor:dellmodel:emc powerscale onefsscope:eqversion:8.2.1

Trust: 1.0

vendor:デルmodel:emc powerscale onefsscope:eqversion:8.1.0 to 9.1.0

Trust: 0.8

vendor:デルmodel:emc powerscale onefsscope:eqversion: -

Trust: 0.8

sources: JVNDB: JVNDB-2020-015957 // NVD: CVE-2020-26193

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov: CVE-2020-26193
value: HIGH

Trust: 1.0

security_alert@emc.com: CVE-2020-26193
value: HIGH

Trust: 1.0

NVD: CVE-2020-26193
value: HIGH

Trust: 0.8

CNNVD: CNNVD-202102-888
value: HIGH

Trust: 0.6

VULHUB: VHN-180247
value: HIGH

Trust: 0.1

VULMON: CVE-2020-26193
value: HIGH

Trust: 0.1

nvd@nist.gov: CVE-2020-26193
severity: HIGH
baseScore: 7.2
vectorString: AV:L/AC:L/AU:N/C:C/I:C/A:C
accessVector: LOCAL
accessComplexity: LOW
authentication: NONE
confidentialityImpact: COMPLETE
integrityImpact: COMPLETE
availabilityImpact: COMPLETE
exploitabilityScore: 3.9
impactScore: 10.0
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 1.9

VULHUB: VHN-180247
severity: HIGH
baseScore: 7.2
vectorString: AV:L/AC:L/AU:N/C:C/I:C/A:C
accessVector: LOCAL
accessComplexity: LOW
authentication: NONE
confidentialityImpact: COMPLETE
integrityImpact: COMPLETE
availabilityImpact: COMPLETE
exploitabilityScore: 3.9
impactScore: 10.0
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.1

nvd@nist.gov: CVE-2020-26193
baseSeverity: HIGH
baseScore: 7.8
vectorString: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
attackVector: LOCAL
attackComplexity: LOW
privilegesRequired: LOW
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: HIGH
integrityImpact: HIGH
availabilityImpact: HIGH
exploitabilityScore: 1.8
impactScore: 5.9
version: 3.1

Trust: 2.0

OTHER: JVNDB-2020-015957
baseSeverity: HIGH
baseScore: 7.8
vectorString: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
attackVector: LOCAL
attackComplexity: LOW
privilegesRequired: LOW
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: HIGH
integrityImpact: HIGH
availabilityImpact: HIGH
exploitabilityScore: NONE
impactScore: NONE
version: 3.0

Trust: 0.8

sources: VULHUB: VHN-180247 // VULMON: CVE-2020-26193 // JVNDB: JVNDB-2020-015957 // CNNVD: CNNVD-202102-888 // NVD: CVE-2020-26193 // NVD: CVE-2020-26193

PROBLEMTYPE DATA

problemtype:CWE-78

Trust: 1.1

problemtype:CWE-20

Trust: 1.0

problemtype:OS Command injection (CWE-78) [NVD Evaluation ]

Trust: 0.8

sources: VULHUB: VHN-180247 // JVNDB: JVNDB-2020-015957 // NVD: CVE-2020-26193

THREAT TYPE

local

Trust: 0.6

sources: CNNVD: CNNVD-202102-888

TYPE

operating system commend injection

Trust: 0.6

sources: CNNVD: CNNVD-202102-888

PATCH

title:DSA-2021-009url:https://www.dell.com/support/kbdoc/ja-jp/000182873/dsa-2021-009-dell-powerscale-onefs-security-update-for-multiple-vulnerabilities

Trust: 0.8

title:DELL EMC PowerScale Fixes for operating system command injection vulnerabilitiesurl:http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=142239

Trust: 0.6

sources: JVNDB: JVNDB-2020-015957 // CNNVD: CNNVD-202102-888

EXTERNAL IDS

db:NVDid:CVE-2020-26193

Trust: 2.6

db:JVNDBid:JVNDB-2020-015957

Trust: 0.8

db:CNNVDid:CNNVD-202102-888

Trust: 0.6

db:VULHUBid:VHN-180247

Trust: 0.1

db:VULMONid:CVE-2020-26193

Trust: 0.1

sources: VULHUB: VHN-180247 // VULMON: CVE-2020-26193 // JVNDB: JVNDB-2020-015957 // CNNVD: CNNVD-202102-888 // NVD: CVE-2020-26193

REFERENCES

url:https://www.dell.com/support/kbdoc/en-us/000182873/dsa-2021-009-dell-powerscale-onefs-security-update-for-multiple-vulnerabilities

Trust: 1.8

url:https://nvd.nist.gov/vuln/detail/cve-2020-26193

Trust: 0.8

url:https://cwe.mitre.org/data/definitions/78.html

Trust: 0.1

url:https://nvd.nist.gov

Trust: 0.1

sources: VULHUB: VHN-180247 // VULMON: CVE-2020-26193 // JVNDB: JVNDB-2020-015957 // CNNVD: CNNVD-202102-888 // NVD: CVE-2020-26193

SOURCES

db:VULHUBid:VHN-180247
db:VULMONid:CVE-2020-26193
db:JVNDBid:JVNDB-2020-015957
db:CNNVDid:CNNVD-202102-888
db:NVDid:CVE-2020-26193

LAST UPDATE DATE

2024-11-23T23:07:40.038000+00:00


SOURCES UPDATE DATE

db:VULHUBid:VHN-180247date:2021-02-12T00:00:00
db:VULMONid:CVE-2020-26193date:2021-02-12T00:00:00
db:JVNDBid:JVNDB-2020-015957date:2021-10-26T07:51:00
db:CNNVDid:CNNVD-202102-888date:2021-02-22T00:00:00
db:NVDid:CVE-2020-26193date:2024-11-21T05:19:29.627

SOURCES RELEASE DATE

db:VULHUBid:VHN-180247date:2021-02-09T00:00:00
db:VULMONid:CVE-2020-26193date:2021-02-09T00:00:00
db:JVNDBid:JVNDB-2020-015957date:2021-10-26T00:00:00
db:CNNVDid:CNNVD-202102-888date:2021-02-09T00:00:00
db:NVDid:CVE-2020-26193date:2021-02-09T22:15:13.277