Details of VAR-202102-0304

ID

VAR-202102-0304

CVE

CVE-2020-26195

TITLE

Dell EMC PowerScale OneFS Vulnerability in handling exceptional conditions in

Trust: 0.8

sources: JVNDB: JVNDB-2020-015958

DESCRIPTION

Dell EMC PowerScale OneFS versions 8.1.2 – 9.1.0 contain an issue where the OneFS SMB directory auto-create may erroneously create a directory for a user. A remote unauthenticated attacker may take advantage of this issue to slow down the system. Dell EMC PowerScale OneFS Is vulnerable to handling exceptional conditions.Denial of service (DoS) It may be put into a state. There is a security vulnerability in Dell EMC PowerScale OneFS. There is currently no information about this vulnerability. Please keep an eye on CNNVD or vendor announcements

Trust: 1.71

sources: NVD: CVE-2020-26195 // JVNDB: JVNDB-2020-015958 // VULHUB: VHN-180249

AFFECTED PRODUCTS

vendor:	dell	model:	emc powerscale onefs	scope:	eq	version:	8.2.2	Trust: 1.0
vendor:	dell	model:	emc powerscale onefs	scope:	eq	version:	9.0.0	Trust: 1.0
vendor:	dell	model:	emc powerscale onefs	scope:	eq	version:	8.2.0	Trust: 1.0
vendor:	dell	model:	emc powerscale onefs	scope:	eq	version:	8.1.2	Trust: 1.0
vendor:	dell	model:	emc powerscale onefs	scope:	eq	version:	9.1.0	Trust: 1.0
vendor:	dell	model:	emc powerscale onefs	scope:	eq	version:	8.2.1	Trust: 1.0
vendor:	デル	model:	emc powerscale onefs	scope:	eq	version:	8.1.2 to 9.1.0	Trust: 0.8
vendor:	デル	model:	emc powerscale onefs	scope:	eq	version:	-	Trust: 0.8

sources: JVNDB: JVNDB-2020-015958 // NVD: CVE-2020-26195

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov:	CVE-2020-26195
value:	MEDIUM
Trust: 1.0
security_alert@emc.com:	CVE-2020-26195
value:	MEDIUM
Trust: 1.0
NVD:	CVE-2020-26195
value:	MEDIUM
Trust: 0.8
CNNVD:	CNNVD-202102-886
value:	MEDIUM
Trust: 0.6
VULHUB:	VHN-180249
value:	MEDIUM
Trust: 0.1

nvd@nist.gov:	CVE-2020-26195
severity:	MEDIUM
baseScore:	5.0
vectorString:	AV:N/AC:L/AU:N/C:N/I:N/A:P
accessVector:	NETWORK
accessComplexity:	LOW
authentication:	NONE
confidentialityImpact:	NONE
integrityImpact:	NONE
availabilityImpact:	PARTIAL
exploitabilityScore:	10.0
impactScore:	2.9
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 1.8
VULHUB:	VHN-180249
severity:	MEDIUM
baseScore:	5.0
vectorString:	AV:N/AC:L/AU:N/C:N/I:N/A:P
accessVector:	NETWORK
accessComplexity:	LOW
authentication:	NONE
confidentialityImpact:	NONE
integrityImpact:	NONE
availabilityImpact:	PARTIAL
exploitabilityScore:	10.0
impactScore:	2.9
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 0.1

nvd@nist.gov:	CVE-2020-26195
baseSeverity:	MEDIUM
baseScore:	5.3
vectorString:	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L
attackVector:	NETWORK
attackComplexity:	LOW
privilegesRequired:	NONE
userInteraction:	NONE
scope:	UNCHANGED
confidentialityImpact:	NONE
integrityImpact:	NONE
availabilityImpact:	LOW
exploitabilityScore:	3.9
impactScore:	1.4
version:	3.1
Trust: 2.0
OTHER:	JVNDB-2020-015958
baseSeverity:	MEDIUM
baseScore:	5.3
vectorString:	CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L
attackVector:	NETWORK
attackComplexity:	LOW
privilegesRequired:	NONE
userInteraction:	NONE
scope:	UNCHANGED
confidentialityImpact:	NONE
integrityImpact:	NONE
availabilityImpact:	LOW
exploitabilityScore:	NONE
impactScore:	NONE
version:	3.0
Trust: 0.8

sources: VULHUB: VHN-180249 // JVNDB: JVNDB-2020-015958 // CNNVD: CNNVD-202102-886 // NVD: CVE-2020-26195 // NVD: CVE-2020-26195

PROBLEMTYPE DATA

problemtype:	CWE-755	Trust: 1.1
problemtype:	CWE-280	Trust: 1.0
problemtype:	Improper handling in exceptional conditions (CWE-755) [NVD Evaluation ]	Trust: 0.8

sources: VULHUB: VHN-180249 // JVNDB: JVNDB-2020-015958 // NVD: CVE-2020-26195

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-202102-886

TYPE

other

Trust: 0.6

sources: CNNVD: CNNVD-202102-886

PATCH

title:	DSA-2021-009	url:	https://www.dell.com/support/kbdoc/ja-jp/000182873/dsa-2021-009-dell-powerscale-onefs-security-update-for-multiple-vulnerabilities	Trust: 0.8
title:	DELL EMC PowerScale Security vulnerabilities	url:	http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=142237	Trust: 0.6

sources: JVNDB: JVNDB-2020-015958 // CNNVD: CNNVD-202102-886

EXTERNAL IDS

db:	NVD	id:	CVE-2020-26195	Trust: 2.5
db:	JVNDB	id:	JVNDB-2020-015958	Trust: 0.8
db:	CNNVD	id:	CNNVD-202102-886	Trust: 0.6
db:	VULHUB	id:	VHN-180249	Trust: 0.1

sources: VULHUB: VHN-180249 // JVNDB: JVNDB-2020-015958 // CNNVD: CNNVD-202102-886 // NVD: CVE-2020-26195

REFERENCES

url:	https://www.dell.com/support/kbdoc/en-us/000182873/dsa-2021-009-dell-powerscale-onefs-security-update-for-multiple-vulnerabilities	Trust: 1.7
url:	https://nvd.nist.gov/vuln/detail/cve-2020-26195	Trust: 0.8

sources: VULHUB: VHN-180249 // JVNDB: JVNDB-2020-015958 // CNNVD: CNNVD-202102-886 // NVD: CVE-2020-26195

SOURCES

db:	VULHUB	id:	VHN-180249
db:	JVNDB	id:	JVNDB-2020-015958
db:	CNNVD	id:	CNNVD-202102-886
db:	NVD	id:	CVE-2020-26195

LAST UPDATE DATE

2024-11-23T22:54:55.109000+00:00

SOURCES UPDATE DATE

db:	VULHUB	id:	VHN-180249	date:	2022-10-21T00:00:00
db:	JVNDB	id:	JVNDB-2020-015958	date:	2021-10-26T07:51:00
db:	CNNVD	id:	CNNVD-202102-886	date:	2021-02-25T00:00:00
db:	NVD	id:	CVE-2020-26195	date:	2024-11-21T05:19:29.993

SOURCES RELEASE DATE

db:	VULHUB	id:	VHN-180249	date:	2021-02-09T00:00:00
db:	JVNDB	id:	JVNDB-2020-015958	date:	2021-10-26T00:00:00
db:	CNNVD	id:	CNNVD-202102-886	date:	2021-02-09T00:00:00
db:	NVD	id:	CVE-2020-26195	date:	2021-02-09T22:15:13.463