Lucene search

DellCVELIST:CVE-2020-5355

HistoryNov 23, 2021 - 12:00 a.m.

CVE-2020-5355

2021-11-2300:00:00

CWE-276

dell

www.cve.org

4.3 Medium

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

LOW

Integrity Impact

NONE

Availability Impact

NONE

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N

4.7 Medium

AI Score

Confidence

High

0.001 Low

EPSS

Percentile

22.9%

JSON

The Dell Isilon OneFS versions 8.2.2 and earlier SSHD process improperly allows Transmission Control Protocol (TCP) and stream forwarding. This provides the remotesupport user and users with restricted shells more access than is intended.

CNA Affected

[
  {
    "vendor": "Dell",
    "product": "Isilon OneFS",
    "versions": [
      {
        "version": "unspecified",
        "lessThan": "8.2.2",
        "status": "affected",
        "versionType": "custom"
      }
    ]
  }
]

References

support.emc.com/kb/543561

4.3 Medium

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

LOW

Integrity Impact

NONE

Availability Impact

NONE

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N

4.7 Medium

AI Score

Confidence

High

0.001 Low

EPSS

Percentile

22.9%

JSON

Related for CVELIST:CVE-2020-5355