14 matches found
CVE-2020-5328
Dell EMC Isilon OneFS before version 8.2.0 contains an unauthorized access vulnerability due to insufficient authorization checks when SyncIQ is licensed; encrypted syncs are not marked as required, potentially allowing loss of cluster control. The issue affects the Isilon OneFS platform (SyncIQ-...
CVE-2020-5347
Summary (CVE-2020-5347) Dell EMC Isilon OneFS versions 8.2.2 and earlier are affected by a denial-of-service condition in the SmartConnect DNS component. The issue arises from an error condition that may loop, consuming CPU and potentially preventing other SmartConnect DNS responses. The CVSS3.1 ...
CVE-2020-5318
Dell EMC Isilon OneFS prior to fixed versions 8.1.2, 8.1.0.4, 8.1.0.3, and 8.0.0.7 contains a vulnerability in non-RAN HTTP and WebDAV components where enabling Basic Authentication for these components allows access to files without authentication. Impact: potential exposure of restricted files....
CVE-2018-1213
CVE-2018-1213 refers to cross-site request forgery vulnerabilities in Dell EMC Isilon OneFS. Affected versions include OneFS 8.1.0.0–8.1.0.1, 8.0.1.0–8.0.1.2, 8.0.0.0–8.0.0.6, 7.2.1.x, 7.1.1.11, and 8.1.0.2. The issue arises from the Web console lacking anti-CSRF protections, allowing an authenti...
CVE-2018-1204
Summary for CVE-2018-1204 (Isilon OneFS) : Dell EMC Isilon OneFS web console vulnerabilities include a path traversal flaw in the isi_phone_home tool that can be triggered when remote support is enabled, potentially allowing a malicious user with compadmin rights to execute arbitrary code with ro...
CVE-2018-1203
Overview: CVE-2018-1203 affects Dell EMC Isilon OneFS. CORE Security CORE-2017-0009 describes multiple vulnerabilities in the OneFS Web console, including a local privilege escalation path where the compadmin can exploit sudo to run tcpdump with root privileges. This enables arbitrary root comman...
CVE-2020-26181
Dell EMC Isilon OneFS (8.1+) and Dell EMC PowerScale OneFS (9.0.0) expose a local privilege-escalation in SmartLock Compliance mode clusters. The compadmin user who can authenticate via ISI PRIV LOGIN SSH or ISI PRIV LOGIN CONSOLE can elevate to root if they possess ISI PRIV HARDENING privileges....
CVE-2020-5364
Dell EMC Isilon OneFS: SNMPv2 enabled by default in versions 8.2.2 and earlier with a pre-configured community string grants read‑only access to many cluster aspects, exposing confidentiality (CVSSv3.1 base 7.5) and potentially enabling broader access. No explicit exploitation details are provide...
CVE-2020-5353
The CVE concerns Dell Isilon OneFS (versions 8.2.2 and earlier) and Dell EMC PowerScale OneFS (version 9.0.0) where the default NFS configuration exposes the admin home directory. An attacker may abuse a forged UID over NFS to rewrite sensitive files, granting administrative access. The issue is ...
CVE-2020-26180
CVE-2020-26180 affects Dell EMC Isilon OneFS (8.1+), and Dell EMC PowerScale OneFS (9.0.0). The root cause is an access issue tied to the remotesupport user account, allowing a remote, low-privilege attacker to access data under the /ifs directory via most protocols. The documents do not provide ...
CVE-2020-5355
CVE-2020-5355 affects Dell EMC Isilon OneFS (versions 8.2.2 and earlier) via the SSHD process, which improperly allows TCP and streaming forwarding. This grants the remotesupport user and users with restricted shells more access than intended. Based on provided documents, the vulnerability impact...
CVE-2020-5371
CVE-2020-5371 affects Dell EMC Isilon OneFS (versions 8.2.2 and earlier) and Dell EMC PowerScale (version 9.0.0). A file permissions weakness allows an attacker with network or local access to access restricted files. The vulnerability stems from insufficiently enforced file permissions, enabling...
CVE-2020-5369
Dell EMC Isilon OneFS (versions 8.2.2 and earlier) and Dell EMC PowerScale OneFS (version 9.0.0) contain a privilege-escalation vulnerability exploitable by an authenticated user via SyncIQ to access system management files. Root cause centers on elevated rights during management file access; imp...
CVE-2020-5365
CVE-2020-5365 affects Dell EMC Isilon OneFS versions 8.2.2 and earlier. The vulnerability arises from a pre‑configured remotesupport account with a predictable default password, allowing a remote attacker to compromise the system (per NVD/CNVD entries). CVSSv3.1 base score 7.5 (HIGH). Dell EMC’s ...