CVE-2020-5353
HIGH
Dell EMC Isilon OneFS <= 8.2.2 and PowerScale OneFS 9.0.0 - Unauthenticated Privilege Escalation via NFS UID Spoofing
Title source: llm
Description
The Dell Isilon OneFS versions 8.2.2 and earlier and Dell EMC PowerScale OneFS version 9.0.0 default configuration for Network File System (NFS) allows access to an 'admin' home directory. An attacker may leverage a spoofed Unique Identifier (UID) over NFS to rewrite sensitive files to gain administrative access to the system.
References (1)
Core References
Patch, Vendor Advisory x_refsource_misc
https://support.emc.com/kb/542721
Scores
CVSS v3
8.8
EPSS
0.0034
EPSS Percentile
56.5%
Attack Vector
NETWORK
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
Details
CWE
CWE-276
Status
published
Products (2)
dell/emc_isilon_onefs
< 8.2.2
dell/emc_powerscale_onefs
9.0.0
Published
Jul 29, 2021
Tracked Since
Feb 18, 2026