Details of VAR-202210-1533

ID

VAR-202210-1533

CVE

CVE-2020-5355

TITLE

Dell's Dell EMC Isilon OneFS Vulnerability regarding improper default permissions in

Trust: 0.8

sources: JVNDB: JVNDB-2020-017886

DESCRIPTION

The Dell Isilon OneFS versions 8.2.2 and earlier SSHD process improperly allows Transmission Control Protocol (TCP) and stream forwarding. This provides the remotesupport user and users with restricted shells more access than is intended. Dell's Dell EMC Isilon OneFS There is a vulnerability in improper default permissions.Information may be obtained. Dell EMC Isilon OneFS is a scale-out storage system for unstructured data from Dell

Trust: 1.71

sources: NVD: CVE-2020-5355 // JVNDB: JVNDB-2020-017886 // VULHUB: VHN-183480

AFFECTED PRODUCTS

vendor:	dell	model:	emc isilon onefs	scope:	lte	version:	8.2.2	Trust: 1.0
vendor:	デル	model:	dell emc isilon onefs	scope:	lte	version:	8.2.2 and earlier	Trust: 0.8
vendor:	デル	model:	dell emc isilon onefs	scope:	eq	version:	-	Trust: 0.8
vendor:	デル	model:	dell emc isilon onefs	scope:	-	version:	-	Trust: 0.8

sources: JVNDB: JVNDB-2020-017886 // NVD: CVE-2020-5355

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov:	CVE-2020-5355
value:	MEDIUM
Trust: 1.0
security_alert@emc.com:	CVE-2020-5355
value:	MEDIUM
Trust: 1.0
NVD:	CVE-2020-5355
value:	MEDIUM
Trust: 0.8
CNNVD:	CNNVD-202210-1606
value:	MEDIUM
Trust: 0.6

nvd@nist.gov:	CVE-2020-5355
baseSeverity:	MEDIUM
baseScore:	4.3
vectorString:	CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N
attackVector:	NETWORK
attackComplexity:	LOW
privilegesRequired:	LOW
userInteraction:	NONE
scope:	UNCHANGED
confidentialityImpact:	LOW
integrityImpact:	NONE
availabilityImpact:	NONE
exploitabilityScore:	2.8
impactScore:	1.4
version:	3.1
Trust: 2.0
NVD:	CVE-2020-5355
baseSeverity:	MEDIUM
baseScore:	4.3
vectorString:	CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N
attackVector:	NETWORK
attackComplexity:	LOW
privilegesRequired:	LOW
userInteraction:	NONE
scope:	UNCHANGED
confidentialityImpact:	LOW
integrityImpact:	NONE
availabilityImpact:	NONE
exploitabilityScore:	NONE
impactScore:	NONE
version:	3.0
Trust: 0.8

sources: JVNDB: JVNDB-2020-017886 // CNNVD: CNNVD-202210-1606 // NVD: CVE-2020-5355 // NVD: CVE-2020-5355

PROBLEMTYPE DATA

problemtype:	CWE-276	Trust: 1.1
problemtype:	Inappropriate default permissions (CWE-276) [NVD evaluation ]	Trust: 0.8

sources: VULHUB: VHN-183480 // JVNDB: JVNDB-2020-017886 // NVD: CVE-2020-5355

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-202210-1606

TYPE

other

Trust: 0.6

sources: CNNVD: CNNVD-202210-1606

PATCH

title:

Dell EMC Isilon OneFS Security vulnerabilities

url:

http://123.124.177.30/web/xxk/bdxqById.tag?id=211863

Trust: 0.6

sources: CNNVD: CNNVD-202210-1606

EXTERNAL IDS

db:	NVD	id:	CVE-2020-5355	Trust: 3.3
db:	JVNDB	id:	JVNDB-2020-017886	Trust: 0.8
db:	CNNVD	id:	CNNVD-202210-1606	Trust: 0.7
db:	VULHUB	id:	VHN-183480	Trust: 0.1

sources: VULHUB: VHN-183480 // JVNDB: JVNDB-2020-017886 // CNNVD: CNNVD-202210-1606 // NVD: CVE-2020-5355

REFERENCES

url:	https://support.emc.com/kb/543561	Trust: 2.5
url:	https://nvd.nist.gov/vuln/detail/cve-2020-5355	Trust: 0.8
url:	https://cxsecurity.com/cveshow/cve-2020-5355/	Trust: 0.6

sources: VULHUB: VHN-183480 // JVNDB: JVNDB-2020-017886 // CNNVD: CNNVD-202210-1606 // NVD: CVE-2020-5355

SOURCES

db:	VULHUB	id:	VHN-183480
db:	JVNDB	id:	JVNDB-2020-017886
db:	CNNVD	id:	CNNVD-202210-1606
db:	NVD	id:	CVE-2020-5355

LAST UPDATE DATE

2024-08-14T14:37:12.301000+00:00

SOURCES UPDATE DATE

db:	VULHUB	id:	VHN-183480	date:	2022-10-24T00:00:00
db:	JVNDB	id:	JVNDB-2020-017886	date:	2023-10-27T08:16:00
db:	CNNVD	id:	CNNVD-202210-1606	date:	2022-10-25T00:00:00
db:	NVD	id:	CVE-2020-5355	date:	2022-10-24T15:32:11.360

SOURCES RELEASE DATE

db:	VULHUB	id:	VHN-183480	date:	2022-10-21T00:00:00
db:	JVNDB	id:	JVNDB-2020-017886	date:	2023-10-27T00:00:00
db:	CNNVD	id:	CNNVD-202210-1606	date:	2022-10-21T00:00:00
db:	NVD	id:	CVE-2020-5355	date:	2022-10-21T18:15:09.543