CVE-2020-26191

Dell EMC PowerScale OneFS versions 8.1.0 - 9.1.0 contain a privilege escalation vulnerability. A user with ISI_PRIV_JOB_ENGINE may use the PermissionRepair job to grant themselves the highest level of RBAC privileges thus being able to read arbitrary data, tamper with system software or deny service to users.

Published: Feb 9, 2021
Updated: Apr 14, 2023
CVE: CVE-2020-26191
Severity: High
Exploit:

CVSS v3:

Severity: High
Score: 7.8
AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

CVSS v2:

Severity: Low
Score: 4.6
AV:L/AC:L/Au:N/C:P/I:P/A:P

No CWE or OWASP classifications available.

Affected Software
References

Software	From	Fixed in
dell / emc_powerscale_onefs	9.0.0	9.0.0.x
dell / emc_powerscale_onefs	8.1.0	8.1.0.x
dell / emc_powerscale_onefs	8.1.1	8.1.1.x
dell / emc_powerscale_onefs	8.2.0	8.2.0.x
dell / emc_powerscale_onefs	8.2.1	8.2.1.x
dell / emc_powerscale_onefs	8.1.2	8.1.2.x
dell / emc_powerscale_onefs	8.2.2	8.2.2.x
dell / emc_powerscale_onefs	9.1.0	9.1.0.x

https://www.dell.com/support/kbdoc/en-us/000182873/dsa-2021-009-dell-powerscale-onefs-security-update-for-multiple-vulnerabilities

Vulnerability Database

289,697

CVE-2020-26191