Sign-up

ID

VAR-202102-0305


CVE

CVE-2020-26196


TITLE

Dell EMC PowerScale OneFS  Improper Permission Assignment Vulnerability in Critical Resources

Trust: 0.8

sources: JVNDB: JVNDB-2020-015959

DESCRIPTION

Dell EMC PowerScale OneFS versions 8.1.0-9.1.0 contain a Backup/Restore Privilege implementation issue. A user with the BackupAdmin role may potentially exploit this vulnerability resulting in the ability to write data outside of the intended file system location. Dell EMC PowerScale OneFS Is vulnerable to an improperly assigned permission for critical resources.Information may be tampered with. There is a security vulnerability in Dell EMC PowerScale OneFS. There is currently no information about this vulnerability. Please keep an eye on CNNVD or vendor announcements

Trust: 1.71

sources: NVD: CVE-2020-26196 // JVNDB: JVNDB-2020-015959 // VULHUB: VHN-180250

AFFECTED PRODUCTS

vendor:dellmodel:emc powerscale onefsscope:eqversion:8.2.2

Trust: 1.0

vendor:dellmodel:emc powerscale onefsscope:eqversion:9.0.0

Trust: 1.0

vendor:dellmodel:emc powerscale onefsscope:eqversion:8.2.0

Trust: 1.0

vendor:dellmodel:emc powerscale onefsscope:eqversion:8.1.2

Trust: 1.0

vendor:dellmodel:emc powerscale onefsscope:eqversion:9.1.0

Trust: 1.0

vendor:dellmodel:emc powerscale onefsscope:eqversion:8.1.0

Trust: 1.0

vendor:dellmodel:emc powerscale onefsscope:eqversion:8.1.1

Trust: 1.0

vendor:dellmodel:emc powerscale onefsscope:eqversion:8.2.1

Trust: 1.0

vendor:デルmodel:emc powerscale onefsscope:eqversion:8.1.0 to 9.1.0

Trust: 0.8

vendor:デルmodel:emc powerscale onefsscope:eqversion: -

Trust: 0.8

sources: JVNDB: JVNDB-2020-015959 // NVD: CVE-2020-26196

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov: CVE-2020-26196
value: MEDIUM

Trust: 1.0

security_alert@emc.com: CVE-2020-26196
value: MEDIUM

Trust: 1.0

NVD: CVE-2020-26196
value: MEDIUM

Trust: 0.8

CNNVD: CNNVD-202102-885
value: MEDIUM

Trust: 0.6

VULHUB: VHN-180250
value: LOW

Trust: 0.1

nvd@nist.gov: CVE-2020-26196
severity: LOW
baseScore: 2.1
vectorString: AV:L/AC:L/AU:N/C:N/I:P/A:N
accessVector: LOCAL
accessComplexity: LOW
authentication: NONE
confidentialityImpact: NONE
integrityImpact: PARTIAL
availabilityImpact: NONE
exploitabilityScore: 3.9
impactScore: 2.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 1.8

VULHUB: VHN-180250
severity: LOW
baseScore: 2.1
vectorString: AV:L/AC:L/AU:N/C:N/I:P/A:N
accessVector: LOCAL
accessComplexity: LOW
authentication: NONE
confidentialityImpact: NONE
integrityImpact: PARTIAL
availabilityImpact: NONE
exploitabilityScore: 3.9
impactScore: 2.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.1

nvd@nist.gov: CVE-2020-26196
baseSeverity: MEDIUM
baseScore: 5.5
vectorString: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N
attackVector: LOCAL
attackComplexity: LOW
privilegesRequired: LOW
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: NONE
integrityImpact: HIGH
availabilityImpact: NONE
exploitabilityScore: 1.8
impactScore: 3.6
version: 3.1

Trust: 2.0

OTHER: JVNDB-2020-015959
baseSeverity: MEDIUM
baseScore: 5.5
vectorString: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N
attackVector: LOCAL
attackComplexity: LOW
privilegesRequired: LOW
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: NONE
integrityImpact: HIGH
availabilityImpact: NONE
exploitabilityScore: NONE
impactScore: NONE
version: 3.0

Trust: 0.8

sources: VULHUB: VHN-180250 // JVNDB: JVNDB-2020-015959 // CNNVD: CNNVD-202102-885 // NVD: CVE-2020-26196 // NVD: CVE-2020-26196

PROBLEMTYPE DATA

problemtype:CWE-732

Trust: 1.1

problemtype:Improper permission assignment for critical resources (CWE-732) [NVD Evaluation ]

Trust: 0.8

sources: VULHUB: VHN-180250 // JVNDB: JVNDB-2020-015959 // NVD: CVE-2020-26196

THREAT TYPE

local

Trust: 0.6

sources: CNNVD: CNNVD-202102-885

TYPE

other

Trust: 0.6

sources: CNNVD: CNNVD-202102-885

PATCH

title:DSA-2021-009url:https://www.dell.com/support/kbdoc/ja-jp/000182873/dsa-2021-009-dell-powerscale-onefs-security-update-for-multiple-vulnerabilities

Trust: 0.8

title:DELL EMC PowerScale Security vulnerabilitiesurl:http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=142236

Trust: 0.6

sources: JVNDB: JVNDB-2020-015959 // CNNVD: CNNVD-202102-885

EXTERNAL IDS

db:NVDid:CVE-2020-26196

Trust: 2.5

db:JVNDBid:JVNDB-2020-015959

Trust: 0.8

db:CNNVDid:CNNVD-202102-885

Trust: 0.6

db:VULHUBid:VHN-180250

Trust: 0.1

sources: VULHUB: VHN-180250 // JVNDB: JVNDB-2020-015959 // CNNVD: CNNVD-202102-885 // NVD: CVE-2020-26196

REFERENCES

url:https://www.dell.com/support/kbdoc/en-us/000182873/dsa-2021-009-dell-powerscale-onefs-security-update-for-multiple-vulnerabilities

Trust: 1.7

url:https://nvd.nist.gov/vuln/detail/cve-2020-26196

Trust: 0.8

sources: VULHUB: VHN-180250 // JVNDB: JVNDB-2020-015959 // CNNVD: CNNVD-202102-885 // NVD: CVE-2020-26196

SOURCES

db:VULHUBid:VHN-180250
db:JVNDBid:JVNDB-2020-015959
db:CNNVDid:CNNVD-202102-885
db:NVDid:CVE-2020-26196

LAST UPDATE DATE

2024-11-23T22:05:15.807000+00:00


SOURCES UPDATE DATE

db:VULHUBid:VHN-180250date:2021-02-12T00:00:00
db:JVNDBid:JVNDB-2020-015959date:2021-10-26T07:51:00
db:CNNVDid:CNNVD-202102-885date:2021-02-25T00:00:00
db:NVDid:CVE-2020-26196date:2024-11-21T05:19:30.160

SOURCES RELEASE DATE

db:VULHUBid:VHN-180250date:2021-02-09T00:00:00
db:JVNDBid:JVNDB-2020-015959date:2021-10-26T00:00:00
db:CNNVDid:CNNVD-202102-885date:2021-02-09T00:00:00
db:NVDid:CVE-2020-26196date:2021-02-09T22:15:13.543