CVE-2020-5328

9.8CRITICAL

Key Information:

Vendor: Dell
Status: Isilon Onefs
Vendor: CVE Published:; 6 March 2020

Summary

Dell EMC Isilon OneFS versions prior to 8.2.0 contain an unauthorized access vulnerability due to a lack of thorough authorization checks when SyncIQ is licensed, but encrypted syncs are not marked as required. When this happens, loss of control of the cluster can occur.

Affected Version(s)

Isilon OneFS < 8.2.0

References

https://www.dell.com/support/security/en-us/details/54142...

x_refsource_MISC

CVSS V3.1

Score:

9.8

Severity:

CRITICAL

Confidentiality:

High

Integrity:

High

Availability:

High

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

None

User Interaction:

None

Scope:

Unchanged

Timeline

Vulnerability published
Mar 6, 2020
Vulnerability Reserved
Jan 3, 2020