Details of VAR-202104-0136

ID

VAR-202104-0136

CVE

CVE-2020-26197

TITLE

Dell Technologies Dell PowerScale OneFS Encryption problem vulnerability

Trust: 0.6

sources: CNNVD: CNNVD-202104-1547

DESCRIPTION

Dell PowerScale OneFS 8.1.0 - 9.1.0 contains an LDAP Provider inability to connect over TLSv1.2 vulnerability. It may make it easier to eavesdrop and decrypt such traffic for a malicious actor. Note: This does not affect clusters which are not relying on an LDAP server for the authentication provider. Dell Technologies Dell PowerScale OneFS is an operating system of Dell Technologies in the United States. Offers the PowerScale OneFS operating system for scale-out NAS

Trust: 1.08

sources: NVD: CVE-2020-26197 // VULHUB: VHN-180251 // VULMON: CVE-2020-26197

AFFECTED PRODUCTS

vendor:	dell	model:	emc powerscale onefs	scope:	eq	version:	8.1.1	Trust: 1.0
vendor:	dell	model:	emc powerscale onefs	scope:	eq	version:	8.2.2	Trust: 1.0
vendor:	dell	model:	emc powerscale onefs	scope:	eq	version:	8.1.2	Trust: 1.0
vendor:	dell	model:	emc powerscale onefs	scope:	eq	version:	8.1.0	Trust: 1.0

sources: NVD: CVE-2020-26197

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov:	CVE-2020-26197
value:	CRITICAL
Trust: 1.0
security_alert@emc.com:	CVE-2020-26197
value:	HIGH
Trust: 1.0
CNNVD:	CNNVD-202104-1547
value:	CRITICAL
Trust: 0.6
VULHUB:	VHN-180251
value:	MEDIUM
Trust: 0.1

nvd@nist.gov:	CVE-2020-26197
severity:	MEDIUM
baseScore:	6.4
vectorString:	AV:N/AC:L/AU:N/C:P/I:P/A:N
accessVector:	NETWORK
accessComplexity:	LOW
authentication:	NONE
confidentialityImpact:	PARTIAL
integrityImpact:	PARTIAL
availabilityImpact:	NONE
exploitabilityScore:	10.0
impactScore:	4.9
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 1.0
VULHUB:	VHN-180251
severity:	MEDIUM
baseScore:	6.4
vectorString:	AV:N/AC:L/AU:N/C:P/I:P/A:N
accessVector:	NETWORK
accessComplexity:	LOW
authentication:	NONE
confidentialityImpact:	PARTIAL
integrityImpact:	PARTIAL
availabilityImpact:	NONE
exploitabilityScore:	10.0
impactScore:	4.9
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 0.1

nvd@nist.gov:	CVE-2020-26197
baseSeverity:	CRITICAL
baseScore:	9.1
vectorString:	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N
attackVector:	NETWORK
attackComplexity:	LOW
privilegesRequired:	NONE
userInteraction:	NONE
scope:	UNCHANGED
confidentialityImpact:	HIGH
integrityImpact:	HIGH
availabilityImpact:	NONE
exploitabilityScore:	3.9
impactScore:	5.2
version:	3.1
Trust: 1.0
security_alert@emc.com:	CVE-2020-26197
baseSeverity:	HIGH
baseScore:	7.5
vectorString:	CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H
attackVector:	NETWORK
attackComplexity:	HIGH
privilegesRequired:	NONE
userInteraction:	REQUIRED
scope:	UNCHANGED
confidentialityImpact:	HIGH
integrityImpact:	HIGH
availabilityImpact:	HIGH
exploitabilityScore:	1.6
impactScore:	5.9
version:	3.1
Trust: 1.0

sources: VULHUB: VHN-180251 // CNNVD: CNNVD-202104-1547 // NVD: CVE-2020-26197 // NVD: CVE-2020-26197

PROBLEMTYPE DATA

problemtype:	CWE-319	Trust: 1.1
problemtype:	CWE-326	Trust: 1.1

sources: VULHUB: VHN-180251 // NVD: CVE-2020-26197

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-202104-1547

TYPE

encryption problem

Trust: 0.6

sources: CNNVD: CNNVD-202104-1547

PATCH

title:

Dell Technologies Dell PowerScale OneFS Fixes for encryption problem vulnerabilities

url:

http://123.124.177.30/web/xxk/bdxqById.tag?id=148983

Trust: 0.6

sources: CNNVD: CNNVD-202104-1547

EXTERNAL IDS

db:	NVD	id:	CVE-2020-26197	Trust: 1.8
db:	CNNVD	id:	CNNVD-202104-1547	Trust: 0.7
db:	VULHUB	id:	VHN-180251	Trust: 0.1
db:	VULMON	id:	CVE-2020-26197	Trust: 0.1

sources: VULHUB: VHN-180251 // VULMON: CVE-2020-26197 // CNNVD: CNNVD-202104-1547 // NVD: CVE-2020-26197

REFERENCES

url:	https://www.dell.com/support/kbdoc/000185202	Trust: 1.8
url:	https://nvd.nist.gov/vuln/detail/cve-2020-26197	Trust: 0.6
url:	https://nvd.nist.gov	Trust: 0.1

sources: VULHUB: VHN-180251 // VULMON: CVE-2020-26197 // CNNVD: CNNVD-202104-1547 // NVD: CVE-2020-26197

SOURCES

db:	VULHUB	id:	VHN-180251
db:	VULMON	id:	CVE-2020-26197
db:	CNNVD	id:	CNNVD-202104-1547
db:	NVD	id:	CVE-2020-26197

LAST UPDATE DATE

2024-11-23T21:34:47.168000+00:00

SOURCES UPDATE DATE

db:	VULHUB	id:	VHN-180251	date:	2022-10-21T00:00:00
db:	VULMON	id:	CVE-2020-26197	date:	2021-04-20T00:00:00
db:	CNNVD	id:	CNNVD-202104-1547	date:	2022-10-24T00:00:00
db:	NVD	id:	CVE-2020-26197	date:	2024-11-21T05:19:30.350

SOURCES RELEASE DATE

db:	VULHUB	id:	VHN-180251	date:	2021-04-20T00:00:00
db:	VULMON	id:	CVE-2020-26197	date:	2021-04-20T00:00:00
db:	CNNVD	id:	CNNVD-202104-1547	date:	2021-04-20T00:00:00
db:	NVD	id:	CVE-2020-26197	date:	2021-04-20T17:15:11.410