CVE-2020-26181

HIGH

Dell EMC Isilon OneFS <8.1.0.0 and PowerScale OneFS 9.0.0 - Privilege Escalation via SmartLock Compliance Mode

Title source: llm

Description

Dell EMC Isilon OneFS versions 8.1 and later and Dell EMC PowerScale OneFS version 9.0.0 contain a privilege escalation vulnerability on a SmartLock Compliance mode cluster. The compadmin user connecting using ISI PRIV LOGIN SSH or ISI PRIV LOGIN CONSOLE can elevate privileges to the root user if they have ISI PRIV HARDENING privileges.

References (1)

Core 1

Core References

Vendor Advisory x_refsource_misc

https://www.dell.com/support/security/en-us/details/546720/DSA-2020-227-Dell-EMC-PowerScale-OneFS-and-Dell-EMC-Isilon-OneFS-Security-Update-for-SmartLock-Co

Scores

CVSS v3 7.0

EPSS 0.0004

EPSS Percentile 11.5%

Attack Vector LOCAL

CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H

Details

CWE

CWE-269

Status published

Products (2)

dell/emc_isilon_onefs < 8.1.0.0

dell/emc_powerscale_onefs 9.0.0

Published Jan 05, 2021

Tracked Since Feb 18, 2026