Security Bulletin: A vulnerability has been identified in IBM Elastic Storage System where an attacker could cause a denial of service (CVE-2020-5015)

2021-03-2308:46:15

www.ibm.com

ibm elastic storage

remote attackers

denial of service

upgrade

enable security

malformed udp requests

EPSS

0.003

Percentile

70.4%

JSON

Summary

A security vulnerability has been identified in all levels of IBM Elastic Storage System that could allow an attacker to cause a denial of service. A fix for this vulnerability is available.

Vulnerability Details

CVEID:CVE-2020-5015
**DESCRIPTION:**IBM Elastic Storage System could allow a remote attacker to cause a denial of service by sending malformed UDP requests.
CVSS Base score: 7.5
CVSS Temporal Score: See: https://exchange.xforce.ibmcloud.com/vulnerabilities/193486 for the current score.
CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H)

Affected Products and Versions

Affected Product(s)	Version(s)
IBM Elastic Storage System	6.0.0 - 6.0.1.2

Remediation/Fixes

IBM recommends that you fix this vulnerability by upgrading affected versions of IBM Elastic Storage System 3000 and 5000 to the following code levels or higher:

V6.1.0.0 or V6.0.2.0 or later.

https://www.ibm.com/support/fixcentral/swg/selectFixes?parent=Software%20defined%20storage&product=ibm/StorageSoftware/IBM+Elastic+Storage+Server+(ESS)&release=6.0.0&platform=All&function=all

And then enable security on these system using the security tool provided in these release by running below steps :

- To enable security, from the container, run the command: