Dell EMC Isilon OneFS

By the Year

In 2022 there have been 0 vulnerabilities in Dell EMC Isilon OneFS. Last year EMC Isilon OneFS had 3 security vulnerabilities published. Right now, EMC Isilon OneFS is on track to have fewer security vulnerabilities in 2022 than it did last year.

Year Vulnerabilities Average Score
2022 0 0.00
2021 3 8.47
2020 6 8.10
2019 0 0.00
2018 3 7.40

It may take a day or so for new EMC Isilon OneFS vulnerabilities to show up in the stats or in the list of recent security vulnerabilities. Additionally, vulnerabilities may be tagged under a different product or component name.

Recent Dell EMC Isilon OneFS Security Vulnerabilities

The Dell Isilon OneFS versions 8.2.2 and earlier and Dell EMC PowerScale OneFS version 9.0.0 default configuration for Network File System (NFS)

CVE-2020-5353 8.8 - High - July 29, 2021

The Dell Isilon OneFS versions 8.2.2 and earlier and Dell EMC PowerScale OneFS version 9.0.0 default configuration for Network File System (NFS) allows access to an 'admin' home directory. An attacker may leverage a spoofed Unique Identifier (UID) over NFS to rewrite sensitive files to gain administrative access to the system.

Incorrect Default Permissions

Dell EMC Isilon OneFS supported versions 8.1 and later and Dell EMC PowerScale OneFS supported version 9.0.0 contain an access issue with the remotesupport user account

CVE-2020-26180 8.8 - High - July 28, 2021

Dell EMC Isilon OneFS supported versions 8.1 and later and Dell EMC PowerScale OneFS supported version 9.0.0 contain an access issue with the remotesupport user account. A remote malicious user with low privileges may gain access to data stored on the /ifs directory through most protocols.

Incorrect Default Permissions

Dell EMC Isilon OneFS versions 8.1 and later and Dell EMC PowerScale OneFS version 9.0.0 contain a privilege escalation vulnerability on a SmartLock Compliance mode cluster

CVE-2020-26181 7.8 - High - January 05, 2021

Dell EMC Isilon OneFS versions 8.1 and later and Dell EMC PowerScale OneFS version 9.0.0 contain a privilege escalation vulnerability on a SmartLock Compliance mode cluster. The compadmin user connecting using ISI_PRIV_LOGIN_SSH or ISI_PRIV_LOGIN_CONSOLE can elevate privileges to the root user if they have ISI_PRIV_HARDENING privileges.

Dell EMC Isilon OneFS versions 8.2.2 and earlier and Dell EMC PowerScale version 9.0.0 contain a file permissions vulnerability

CVE-2020-5371 8.8 - High - July 06, 2020

Dell EMC Isilon OneFS versions 8.2.2 and earlier and Dell EMC PowerScale version 9.0.0 contain a file permissions vulnerability. An attacker, with network or local file access, could take advantage of insufficiently applied file permissions or gain unauthorized access to files.

Incorrect Permission Assignment for Critical Resource

Dell EMC Isilon OneFS versions 8.2.2 and earlier contain an SNMPv2 vulnerability

CVE-2020-5364 7.5 - High - May 20, 2020

Dell EMC Isilon OneFS versions 8.2.2 and earlier contain an SNMPv2 vulnerability. The SNMPv2 service is enabled, by default, with a pre-configured community string. This community string allows read-only access to many aspects of the Isilon cluster, some of which are considered sensitive and can foster additional access.

Information Disclosure

Dell EMC Isilon versions 8.2.2 and earlier contain a remotesupport vulnerability

CVE-2020-5365 7.5 - High - May 20, 2020

Dell EMC Isilon versions 8.2.2 and earlier contain a remotesupport vulnerability. The pre-configured support account, remotesupport, is bundled in the Dell EMC Isilon OneFS installation. This account is used for diagnostics and other support functions. Although the default password is different for every cluster, it is predictable.

Use of Insufficiently Random Values

Dell EMC Isilon OneFS versions 8.2.2 and earlier contain a denial of service vulnerability

CVE-2020-5347 7.5 - High - April 04, 2020

Dell EMC Isilon OneFS versions 8.2.2 and earlier contain a denial of service vulnerability. SmartConnect had an error condition that may be triggered to loop, using CPU and potentially preventing other SmartConnect DNS responses.

Resource Exhaustion

Dell EMC Isilon OneFS versions prior to 8.2.0 contain an unauthorized access vulnerability due to a lack of thorough authorization checks when SyncIQ is licensed

CVE-2020-5328 9.8 - Critical - March 06, 2020

Dell EMC Isilon OneFS versions prior to 8.2.0 contain an unauthorized access vulnerability due to a lack of thorough authorization checks when SyncIQ is licensed, but encrypted syncs are not marked as required. When this happens, loss of control of the cluster can occur.

Missing Authentication for Critical Function

Dell EMC Isilon OneFS versions 8.1.2, 8.1.0.4, 8.1.0.3, and 8.0.0.7 contain a vulnerability in some configurations

CVE-2020-5318 7.5 - High - February 06, 2020

Dell EMC Isilon OneFS versions 8.1.2, 8.1.0.4, 8.1.0.3, and 8.0.0.7 contain a vulnerability in some configurations. An attacker may exploit this vulnerability to gain access to restricted files. The non-RAN HTTP and WebDAV file-serving components have a vulnerability wherein, when either is enabled and Basic Authentication is enabled for either or both components, files are accessible without authentication.

AuthZ

In Dell EMC Isilon OneFS, the compadmin is able to run tcpdump binary with root privileges

CVE-2018-1203 6.7 - Medium - March 26, 2018

In Dell EMC Isilon OneFS, the compadmin is able to run tcpdump binary with root privileges. In versions between 8.1.0.0 - 8.1.0.1, 8.0.1.0 - 8.0.1.2, and 8.0.0.0 - 8.0.0.6, the tcpdump binary, being run with sudo, may potentially be used by compadmin to execute arbitrary code with root privileges.

Incorrect Permission Assignment for Critical Resource

Dell EMC Isilon OneFS versions between 8.1.0.0 - 8.1.0.1

CVE-2018-1204 6.7 - Medium - March 26, 2018

Dell EMC Isilon OneFS versions between 8.1.0.0 - 8.1.0.1, 8.0.1.0 - 8.0.1.2, and 8.0.0.0 - 8.0.0.6, versions 7.2.1.x, and version 7.1.1.11 are affected by a path traversal vulnerability in the isi_phone_home tool. A malicious compadmin may potentially exploit this vulnerability to execute arbitrary code with root privileges.

Directory traversal

Dell EMC Isilon OneFS versions between 8.1.0.0 - 8.1.0.1

CVE-2018-1213 8.8 - High - March 26, 2018

Dell EMC Isilon OneFS versions between 8.1.0.0 - 8.1.0.1, 8.0.1.0 - 8.0.1.2, and 8.0.0.0 - 8.0.0.6, versions 7.2.1.x, and versions 7.1.1.11 and 8.1.0.2 are affected by a cross-site request forgery vulnerability. A malicious user may potentially exploit this vulnerability to send unauthorized requests to the server on behalf of authenticated users of the application.

Session Riding
