CVE-2020-5328

CRITICAL

Dell EMC Isilon OneFS < 8.2.0 - Unauthenticated Unauthorized Access via SyncIQ

Title source: llm

Description

Dell EMC Isilon OneFS versions prior to 8.2.0 contain an unauthorized access vulnerability due to a lack of thorough authorization checks when SyncIQ is licensed, but encrypted syncs are not marked as required. When this happens, loss of control of the cluster can occur.

References (1)

Core 1

Core References

Vendor Advisory x_refsource_misc

https://www.dell.com/support/security/en-us/details/541423/DSA-2020-039-Dell-EMC-Isilon-OneFS-Security-Update-for-a-SyncIQ-Vulnerability

Scores

CVSS v3 9.8

EPSS 0.0039

EPSS Percentile 60.2%

Attack Vector NETWORK

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Details

CWE

CWE-306

Status published

Products (1)

dell/emc_isilon_onefs < 8.2.0

Published Mar 06, 2020

Tracked Since Feb 18, 2026