Impact
Critical
Détails
Dell EMC PowerScale OneFS and Dell EMC Isilon OneFS require a security update to address a privilege escalation vulnerability.
- Privilege Escalation Vulnerability
CVE-2020-26181
Dell EMC Isilon OneFS versions 8.1 and later and Dell EMC PowerScale OneFS version 9.0.0 contain a privilege escalation vulnerability on a SmartLock Compliance mode cluster. The compadmin user connecting using ISI PRIV LOGIN SSH or ISI PRIV LOGIN CONSOLE can elevate privileges to the root user if they have ISI PRIV HARDENING privileges.
CVSS v3 Base Score: 7.0 (AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H)
- Privilege Escalation Vulnerability
CVE-2020-26181
Dell EMC Isilon OneFS versions 8.1 and later and Dell EMC PowerScale OneFS version 9.0.0 contain a privilege escalation vulnerability on a SmartLock Compliance mode cluster. The compadmin user connecting using ISI PRIV LOGIN SSH or ISI PRIV LOGIN CONSOLE can elevate privileges to the root user if they have ISI PRIV HARDENING privileges.
CVSS v3 Base Score: 7.0 (AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H)
Dell Technologies recommande à tous les clients de prendre en compte à la fois le score de base CVSS et les scores temporels et environnementaux pertinents qui peuvent avoir un impact sur la gravité potentielle associée à une faille de sécurité donnée.
Affected products:
- Dell EMC Isilon OneFS versions 8.1 and later
- Dell EMC PowerScale OneFS version 9.0.0
All affected products must be running SmartLock Compliance mode to be impacted.
Remediation:
- Dell EMC Isilon OneFS versions 8.1.2 and 8.2.2, the fix for this issue is included with the October 2020 Roll-up Patch, as well as all future Roll-up Patches. For more information and to obtain a Roll-up Patch, see the Current Isilon OneFS Patches document.
- For EMC PowerScale OneFS version 9.0.0, the fix for this issue is included with the October 2020 Roll-up Patch, as well as all future Roll-up Patches. For more information and to obtain a Roll-up Patch, see the Current Isilon OneFS Patches document.
- For other Dell EMC Isilon OneFS and Dell EMC PowerScale OneFS versions, it is recommended you upgrade to the latest GA supported version of Dell EMC PowerScale OneFS.
Dell recommends all customers upgrade at the earliest opportunity.
The fix is contained within the Dell EMC PowerScale OneFS 9.1.0 version.
Affected products:
- Dell EMC Isilon OneFS versions 8.1 and later
- Dell EMC PowerScale OneFS version 9.0.0
All affected products must be running SmartLock Compliance mode to be impacted.
Remediation:
- Dell EMC Isilon OneFS versions 8.1.2 and 8.2.2, the fix for this issue is included with the October 2020 Roll-up Patch, as well as all future Roll-up Patches. For more information and to obtain a Roll-up Patch, see the Current Isilon OneFS Patches document.
- For EMC PowerScale OneFS version 9.0.0, the fix for this issue is included with the October 2020 Roll-up Patch, as well as all future Roll-up Patches. For more information and to obtain a Roll-up Patch, see the Current Isilon OneFS Patches document.
- For other Dell EMC Isilon OneFS and Dell EMC PowerScale OneFS versions, it is recommended you upgrade to the latest GA supported version of Dell EMC PowerScale OneFS.
Dell recommends all customers upgrade at the earliest opportunity.
The fix is contained within the Dell EMC PowerScale OneFS 9.1.0 version.
Historique des révisions
|
Revision
|
Date
|
Description
|
|
1.0
|
2020-11-11
|
Initial Release
|
| 1.1 | 20201-11-10 | Format Update |
Dell Security Advisories and Notices
Dell Vulnerability Response Policy
CVSS Scoring Guide
Produits concernés
PowerScale OneFS, Product Security Information