CVE-2020-5353

Summary

The Dell Isilon OneFS versions 8.2.2 and earlier and Dell EMC PowerScale OneFS version 9.0.0 default configuration for Network File System (NFS) allows access to an 'admin' home directory. An attacker may leverage a spoofed Unique Identifier (UID) over NFS to rewrite sensitive files to gain administrative access to the system.

Affected Software

VendorProductVersion RangeStatus
DellIsilon OneFSunspecified < All supportedaffected

Weaknesses

  • CWE-276: CWE-276: Incorrect Default Permissions

ADP Enrichment

CVE Program Container

Additional References

References