ID

VAR-202102-0303


CVE

CVE-2020-26194


TITLE

Dell PowerScale OneFS Improper Permission Assignment Vulnerability in Critical Resources

Trust: 0.8

sources: JVNDB: JVNDB-2020-015970

DESCRIPTION

Dell EMC PowerScale OneFS versions 8.1.2 and 8.2.2 contain an Incorrect Permission Assignment for a Critical Resource vulnerability. This may allow a non-admin user with either ISI_PRIV_LOGIN_CONSOLE or ISI_PRIV_LOGIN_SSH privileges to exploit the vulnerability, leading to compromised cryptographic operations. Note: no non-admin users or roles have these privileges by default. Dell PowerScale OneFS is vulnerable to improper permission assignment for critical resources. Information may be obtained or tampered with, and the service may be put into a denial-of-service (DoS) state. There is a security vulnerability in Dell EMC PowerScale OneFS. There is currently no information about this vulnerability. Please keep an eye on CNNVD or vendor announcements.

Trust: 1.71

sources: NVD: CVE-2020-26194 // JVNDB: JVNDB-2020-015970 // VULHUB: VHN-180248

AFFECTED PRODUCTS

vendor: dell, model: emc powerscale onefs, scope: eq, version: 8.2.2

Trust: 1.0

vendor: dell, model: emc powerscale onefs, scope: eq, version: 8.1.2

Trust: 1.0

vendor: デル, model: emc powerscale onefs, scope: eq, version: 8.2.2

Trust: 0.8

vendor: デル, model: emc powerscale onefs, scope: eq, version: 8.1.2

Trust: 0.8

vendor: デル, model: emc powerscale onefs, scope: eq, version: -

Trust: 0.8

sources: JVNDB: JVNDB-2020-015970 // NVD: CVE-2020-26194

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov: CVE-2020-26194
value: HIGH

Trust: 1.0

security_alert@emc.com: CVE-2020-26194
value: HIGH

Trust: 1.0

NVD: CVE-2020-26194
value: HIGH

Trust: 0.8

CNNVD: CNNVD-202102-887
value: HIGH

Trust: 0.6

VULHUB: VHN-180248
value: MEDIUM

Trust: 0.1

nvd@nist.gov: CVE-2020-26194
severity: MEDIUM
baseScore: 4.6
vectorString: AV:L/AC:L/AU:N/C:P/I:P/A:P
accessVector: LOCAL
accessComplexity: LOW
authentication: NONE
confidentialityImpact: PARTIAL
integrityImpact: PARTIAL
availabilityImpact: PARTIAL
exploitabilityScore: 3.9
impactScore: 6.4
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 1.8

VULHUB: VHN-180248
severity: MEDIUM
baseScore: 4.6
vectorString: AV:L/AC:L/AU:N/C:P/I:P/A:P
accessVector: LOCAL
accessComplexity: LOW
authentication: NONE
confidentialityImpact: PARTIAL
integrityImpact: PARTIAL
availabilityImpact: PARTIAL
exploitabilityScore: 3.9
impactScore: 6.4
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.1

nvd@nist.gov: CVE-2020-26194
baseSeverity: HIGH
baseScore: 7.8
vectorString: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
attackVector: LOCAL
attackComplexity: LOW
privilegesRequired: LOW
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: HIGH
integrityImpact: HIGH
availabilityImpact: HIGH
exploitabilityScore: 1.8
impactScore: 5.9
version: 3.1

Trust: 1.0

security_alert@emc.com: CVE-2020-26194
baseSeverity: HIGH
baseScore: 7.0
vectorString: CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H
attackVector: LOCAL
attackComplexity: HIGH
privilegesRequired: LOW
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: HIGH
integrityImpact: HIGH
availabilityImpact: HIGH
exploitabilityScore: 1.0
impactScore: 5.9
version: 3.1

Trust: 1.0

NVD: CVE-2020-26194
baseSeverity: HIGH
baseScore: 7.8
vectorString: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
attackVector: LOCAL
attackComplexity: LOW
privilegesRequired: LOW
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: HIGH
integrityImpact: HIGH
availabilityImpact: HIGH
exploitabilityScore: NONE
impactScore: NONE
version: 3.0

Trust: 0.8

sources: VULHUB: VHN-180248 // JVNDB: JVNDB-2020-015970 // CNNVD: CNNVD-202102-887 // NVD: CVE-2020-26194 // NVD: CVE-2020-26194

PROBLEMTYPE DATA

problemtype:CWE-732

Trust: 1.1

problemtype: Improper permission assignment for critical resources (CWE-732) [NVD Evaluation]

Trust: 0.8

sources: VULHUB: VHN-180248 // JVNDB: JVNDB-2020-015970 // NVD: CVE-2020-26194

THREAT TYPE

local

Trust: 0.6

sources: CNNVD: CNNVD-202102-887

TYPE

permissions and access control issues

Trust: 0.6

sources: CNNVD: CNNVD-202102-887

PATCH

title: DSA-2021-009, url: https://www.dell.com/support/kbdoc/ja-jp/000182873/dsa-2021-009-dell-powerscale-onefs-security-update-for-multiple-vulnerabilities

Trust: 0.8

title: DELL EMC PowerScale Fixes for permissions and access control issues vulnerabilities, url: http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=142803

Trust: 0.6

sources: JVNDB: JVNDB-2020-015970 // CNNVD: CNNVD-202102-887

EXTERNAL IDS

db: NVD, id: CVE-2020-26194

Trust: 2.5

db: JVNDB, id: JVNDB-2020-015970

Trust: 0.8

db: CNNVD, id: CNNVD-202102-887

Trust: 0.6

db: VULHUB, id: VHN-180248

Trust: 0.1

sources: VULHUB: VHN-180248 // JVNDB: JVNDB-2020-015970 // CNNVD: CNNVD-202102-887 // NVD: CVE-2020-26194

REFERENCES

url:https://www.dell.com/support/kbdoc/en-us/000182873/dsa-2021-009-dell-powerscale-onefs-security-update-for-multiple-vulnerabilities

Trust: 1.7

url:https://nvd.nist.gov/vuln/detail/cve-2020-26194

Trust: 0.8

sources: VULHUB: VHN-180248 // JVNDB: JVNDB-2020-015970 // CNNVD: CNNVD-202102-887 // NVD: CVE-2020-26194

SOURCES

db: VULHUB, id: VHN-180248
db: JVNDB, id: JVNDB-2020-015970
db: CNNVD, id: CNNVD-202102-887
db: NVD, id: CVE-2020-26194

LAST UPDATE DATE

2024-11-23T22:44:17.013000+00:00


SOURCES UPDATE DATE

db: VULHUB, id: VHN-180248, date: 2021-02-12T00:00:00
db: JVNDB, id: JVNDB-2020-015970, date: 2021-10-27T07:57:00
db: CNNVD, id: CNNVD-202102-887, date: 2021-02-25T00:00:00
db: NVD, id: CVE-2020-26194, date: 2024-11-21T05:19:29.813

SOURCES RELEASE DATE

db: VULHUB, id: VHN-180248, date: 2021-02-09T00:00:00
db: JVNDB, id: JVNDB-2020-015970, date: 2021-10-27T00:00:00
db: CNNVD, id: CNNVD-202102-887, date: 2021-02-09T00:00:00
db: NVD, id: CVE-2020-26194, date: 2021-02-09T22:15:13.340