CVE-2020-26191
HIGHDell EMC PowerScale OneFS 8.1.0-9.1.0 - Privilege Escalation via PermissionRepair Job
Title source: llmDescription
Dell EMC PowerScale OneFS versions 8.1.0 - 9.1.0 contain a privilege escalation vulnerability. A user with ISI_PRIV_JOB_ENGINE may use the PermissionRepair job to grant themselves the highest level of RBAC privileges thus being able to read arbitrary data, tamper with system software or deny service to users.
References (1)
Core 1
Core References
Vendor Advisory x_refsource_misc
https://www.dell.com/support/kbdoc/en-us/000182873/dsa-2021-009-dell-powerscale-onefs-security-update-for-multiple-vulnerabilities
Scores
CVSS v3
7.8
EPSS
0.0005
EPSS Percentile
15.4%
Attack Vector
LOCAL
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
Details
CWE
CWE-269
Status
published
Products (8)
dell/emc_powerscale_onefs
8.1.0
dell/emc_powerscale_onefs
8.1.1
dell/emc_powerscale_onefs
8.1.2
dell/emc_powerscale_onefs
8.2.0
dell/emc_powerscale_onefs
8.2.1
dell/emc_powerscale_onefs
8.2.2
dell/emc_powerscale_onefs
9.0.0
dell/emc_powerscale_onefs
9.1.0
Published
Feb 09, 2021
Tracked Since
Feb 18, 2026