CVE-2020-26181
First published: Wed Nov 11 2020(Updated: )
Dell EMC Isilon OneFS versions 8.1 and later and Dell EMC PowerScale OneFS version 9.0.0 contain a privilege escalation vulnerability on a SmartLock Compliance mode cluster. The compadmin user connecting using ISI PRIV LOGIN SSH or ISI PRIV LOGIN CONSOLE can elevate privileges to the root user if they have ISI PRIV HARDENING privileges.
Credit: security_alert@emc.com
| Affected Software | Affected Version | How to fix |
|---|---|---|
| Dell EMC Isilon OneFS | <=8.1.0.0 | |
| Dell EMC PowerScale OneFS | =9.0.0 |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Frequently Asked Questions
What is CVE-2020-26181?
CVE-2020-26181 is a privilege escalation vulnerability on a SmartLock Compliance mode cluster in Dell EMC Isilon OneFS versions 8.1 and later and Dell EMC PowerScale OneFS version 9.0.0.
How severe is CVE-2020-26181?
CVE-2020-26181 has a severity rating of 7.8 (High).
How does CVE-2020-26181 affect Dell EMC Isilon OneFS?
CVE-2020-26181 affects Dell EMC Isilon OneFS versions 8.1 and later.
How does CVE-2020-26181 affect Dell EMC PowerScale OneFS?
CVE-2020-26181 affects Dell EMC PowerScale OneFS version 9.0.0.
Is there a security update available for CVE-2020-26181?
Yes, Dell has released a security update for CVE-2020-26181. More information can be found at https://www.dell.com/support/security/en-us/details/546720/DSA-2020-227-Dell-EMC-PowerScale-OneFS-and-Dell-EMC-Isilon-OneFS-Security-Update-for-SmartLock-Co
- collector/nvd-index
- agent/weakness
- agent/severity
- agent/references
- agent/author
- agent/description
- agent/type
- agent/tags
- agent/event
- agent/last-modified-date
- agent/softwarecombine
- agent/first-publish-date
- collector/mitre-cve
- source/MITRE
- vendor/dell
- canonical/dell emc isilon onefs
- version/dell emc isilon onefs/8.1.0.0
- canonical/dell emc powerscale onefs
- version/dell emc powerscale onefs/9.0.0