Impact
Critical
Details
Dell EMC PowerScale OneFS and Dell EMC Isilon OneFS require a security update to address a privilege escalation vulnerability.
- Privilege Escalation Vulnerability
CVE-2020-26181
Dell EMC Isilon OneFS versions 8.1 and later and Dell EMC PowerScale OneFS version 9.0.0 contain a privilege escalation vulnerability on a SmartLock Compliance mode cluster. The compadmin user connecting using ISI PRIV LOGIN SSH or ISI PRIV LOGIN CONSOLE can elevate privileges to the root user if they have ISI PRIV HARDENING privileges.
CVSS v3 Base Score: 7.0 (AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H)
- Privilege Escalation Vulnerability
CVE-2020-26181
Dell EMC Isilon OneFS versions 8.1 and later and Dell EMC PowerScale OneFS version 9.0.0 contain a privilege escalation vulnerability on a SmartLock Compliance mode cluster. The compadmin user connecting using ISI PRIV LOGIN SSH or ISI PRIV LOGIN CONSOLE can elevate privileges to the root user if they have ISI PRIV HARDENING privileges.
CVSS v3 Base Score: 7.0 (AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H)
Dell Technologies recommends all customers consider both the CVSS base score and any relevant temporal and environmental scores that may impact the potential severity associated with a particular security vulnerability.
Affected products:
- Dell EMC Isilon OneFS versions 8.1 and later
- Dell EMC PowerScale OneFS version 9.0.0
All affected products must be running SmartLock Compliance mode to be impacted.
Remediation:
- Dell EMC Isilon OneFS versions 8.1.2 and 8.2.2, the fix for this issue is included with the October 2020 Roll-up Patch, as well as all future Roll-up Patches. For more information and to obtain a Roll-up Patch, see the Current Isilon OneFS Patches document.
- For EMC PowerScale OneFS version 9.0.0, the fix for this issue is included with the October 2020 Roll-up Patch, as well as all future Roll-up Patches. For more information and to obtain a Roll-up Patch, see the Current Isilon OneFS Patches document.
- For other Dell EMC Isilon OneFS and Dell EMC PowerScale OneFS versions, it is recommended you upgrade to the latest GA supported version of Dell EMC PowerScale OneFS.
Dell recommends all customers upgrade at the earliest opportunity.
The fix is contained within the Dell EMC PowerScale OneFS 9.1.0 version.
Affected products:
- Dell EMC Isilon OneFS versions 8.1 and later
- Dell EMC PowerScale OneFS version 9.0.0
All affected products must be running SmartLock Compliance mode to be impacted.
Remediation:
- Dell EMC Isilon OneFS versions 8.1.2 and 8.2.2, the fix for this issue is included with the October 2020 Roll-up Patch, as well as all future Roll-up Patches. For more information and to obtain a Roll-up Patch, see the Current Isilon OneFS Patches document.
- For EMC PowerScale OneFS version 9.0.0, the fix for this issue is included with the October 2020 Roll-up Patch, as well as all future Roll-up Patches. For more information and to obtain a Roll-up Patch, see the Current Isilon OneFS Patches document.
- For other Dell EMC Isilon OneFS and Dell EMC PowerScale OneFS versions, it is recommended you upgrade to the latest GA supported version of Dell EMC PowerScale OneFS.
Dell recommends all customers upgrade at the earliest opportunity.
The fix is contained within the Dell EMC PowerScale OneFS 9.1.0 version.
Revision History
|
Revision
|
Date
|
Description
|
|
1.0
|
2020-11-11
|
Initial Release
|
| 1.1 | 20201-11-10 | Format Update |
Dell Security Advisories and Notices
Dell Vulnerability Response Policy
CVSS Scoring Guide
Affected Products
PowerScale OneFS, Product Security Information