ID

VAR-202107-0418


CVE

CVE-2020-5353


TITLE

Dell EMC Isilon OneFS and EMC PowerScale security vulnerability

Trust: 0.6

sources: CNNVD: CNNVD-202107-2130

DESCRIPTION

In Dell Isilon OneFS versions 8.2.2 and earlier and Dell EMC PowerScale OneFS version 9.0.0, the default configuration for Network File System (NFS) allows access to an 'admin' home directory. An attacker may leverage a spoofed Unique Identifier (UID) over NFS to rewrite sensitive files and gain administrative access to the system.

Trust: 1.08

sources: NVD: CVE-2020-5353 // VULHUB: VHN-183478 // VULMON: CVE-2020-5353

AFFECTED PRODUCTS

vendor: dell, model: emc isilon onefs, scope: lte, version: 8.2.2

Trust: 1.0

vendor: dell, model: emc powerscale onefs, scope: eq, version: 9.0.0

Trust: 1.0

sources: NVD: CVE-2020-5353

CVSS

SEVERITY

nvd@nist.gov: CVE-2020-5353
value: HIGH

Trust: 1.0

security_alert@emc.com: CVE-2020-5353
value: HIGH

Trust: 1.0

CNNVD: CNNVD-202107-2130
value: HIGH

Trust: 0.6

VULHUB: VHN-183478
value: HIGH

Trust: 0.1

VULMON: CVE-2020-5353
value: HIGH

Trust: 0.1

CVSSV2

nvd@nist.gov: CVE-2020-5353
severity: HIGH
baseScore: 9.0
vectorString: AV:N/AC:L/AU:S/C:C/I:C/A:C
accessVector: NETWORK
accessComplexity: LOW
authentication: SINGLE
confidentialityImpact: COMPLETE
integrityImpact: COMPLETE
availabilityImpact: COMPLETE
exploitabilityScore: 8.0
impactScore: 10.0
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 1.1

VULHUB: VHN-183478
severity: HIGH
baseScore: 9.0
vectorString: AV:N/AC:L/AU:S/C:C/I:C/A:C
accessVector: NETWORK
accessComplexity: LOW
authentication: SINGLE
confidentialityImpact: COMPLETE
integrityImpact: COMPLETE
availabilityImpact: COMPLETE
exploitabilityScore: 8.0
impactScore: 10.0
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.1

CVSSV3

nvd@nist.gov: CVE-2020-5353
baseSeverity: HIGH
baseScore: 8.8
vectorString: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
attackVector: NETWORK
attackComplexity: LOW
privilegesRequired: LOW
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: HIGH
integrityImpact: HIGH
availabilityImpact: HIGH
exploitabilityScore: 2.8
impactScore: 5.9
version: 3.1

Trust: 2.0

sources: VULHUB: VHN-183478 // VULMON: CVE-2020-5353 // CNNVD: CNNVD-202107-2130 // NVD: CVE-2020-5353 // NVD: CVE-2020-5353

PROBLEMTYPE DATA

problemtype:CWE-276

Trust: 1.1

sources: VULHUB: VHN-183478 // NVD: CVE-2020-5353

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-202107-2130

TYPE

other

Trust: 0.6

sources: CNNVD: CNNVD-202107-2130

PATCH

title: DELL Dell EMC Isilon OneFS and EMC PowerScale Security vulnerabilities
url: http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=159046

Trust: 0.6

sources: CNNVD: CNNVD-202107-2130

EXTERNAL IDS

db: NVD, id: CVE-2020-5353

Trust: 1.8

db: CNNVD, id: CNNVD-202107-2130

Trust: 0.6

db: VULHUB, id: VHN-183478

Trust: 0.1

db: VULMON, id: CVE-2020-5353

Trust: 0.1

sources: VULHUB: VHN-183478 // VULMON: CVE-2020-5353 // CNNVD: CNNVD-202107-2130 // NVD: CVE-2020-5353

REFERENCES

url:https://support.emc.com/kb/542721

Trust: 1.8

url:https://cwe.mitre.org/data/definitions/276.html

Trust: 0.1

url:https://nvd.nist.gov

Trust: 0.1

sources: VULHUB: VHN-183478 // VULMON: CVE-2020-5353 // CNNVD: CNNVD-202107-2130 // NVD: CVE-2020-5353

SOURCES

db: VULHUB, id: VHN-183478
db: VULMON, id: CVE-2020-5353
db: CNNVD, id: CNNVD-202107-2130
db: NVD, id: CVE-2020-5353

LAST UPDATE DATE

2024-08-14T15:22:12.803000+00:00


SOURCES UPDATE DATE

db: VULHUB, id: VHN-183478, date: 2021-08-06T00:00:00
db: VULMON, id: CVE-2020-5353, date: 2021-08-06T00:00:00
db: CNNVD, id: CNNVD-202107-2130, date: 2021-08-09T00:00:00
db: NVD, id: CVE-2020-5353, date: 2021-08-06T17:09:29.597

SOURCES RELEASE DATE

db: VULHUB, id: VHN-183478, date: 2021-07-29T00:00:00
db: VULMON, id: CVE-2020-5353, date: 2021-07-29T00:00:00
db: CNNVD, id: CNNVD-202107-2130, date: 2021-07-29T00:00:00
db: NVD, id: CVE-2020-5353, date: 2021-07-29T16:15:08.610