CVE-2020-26191
7.8
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
Summary
Dell EMC PowerScale OneFS versions 8.1.0 - 9.1.0 contain a privilege escalation vulnerability. A user with ISI_PRIV_JOB_ENGINE may use the PermissionRepair job to grant themselves the highest level of RBAC privileges thus being able to read arbitrary data, tamper with system software or deny service to users.
Affected Software
| Vendor | Product | Version Range | Status |
|---|---|---|---|
| Dell | PowerScale OneFS | unspecified < 8.1.2, 8.2.2, 9.1.0+ | affected |
Weaknesses
- CWE-269: CWE-269: Improper Privilege Management
ADP Enrichment
CVE Program Container
Additional References
References
Feedback
Was this page helpful?
Glad to hear it! Please tell us how we can improve.
Sorry to hear that. Please tell us how we can improve.