First published: Wed Nov 11 2020
Dell EMC Isilon OneFS versions 8.1 and later and Dell EMC PowerScale OneFS version 9.0.0 contain a privilege escalation vulnerability on a SmartLock Compliance mode cluster. The compadmin user connecting using ISI_PRIV_LOGIN_SSH or ISI_PRIV_LOGIN_CONSOLE can elevate privileges to the root user if they have ISI_PRIV_HARDENING privileges.
Credit: security_alert@emc.com
Affected Software | Affected Version | How to fix |
---|---|---|
Dell EMC Isilon OneFS | <=8.1.0.0 | |
Dell EMC PowerScale OneFS | =9.0.0 | |
CVE-2020-26181 is a privilege escalation vulnerability on a SmartLock Compliance mode cluster in Dell EMC Isilon OneFS versions 8.1 and later and Dell EMC PowerScale OneFS version 9.0.0.
CVE-2020-26181 has a severity rating of 7.8 (High).
CVE-2020-26181 affects Dell EMC Isilon OneFS versions 8.1 and later.
CVE-2020-26181 affects Dell EMC PowerScale OneFS version 9.0.0.
Yes, Dell has released a security update for CVE-2020-26181. More information can be found at https://www.dell.com/support/security/en-us/details/546720/DSA-2020-227-Dell-EMC-PowerScale-OneFS-and-Dell-EMC-Isilon-OneFS-Security-Update-for-SmartLock-Co