cvelistv5 - cve-2020-26195

CVE-2020-26195 (GCVE-0-2020-26195)

Vulnerability from cvelistv5 – Published: 2021-02-09 21:25 – Updated: 2024-09-16 23:55

Summary

Severity ?

5.3 (Medium)


                        
                          CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L

CWE

CWE-280 - Improper Handling of Insufficient Permissions or Privileges

Assigner

dell

References

URL

Tags

https://www.dell.com/support/kbdoc/en-us/00018287…

x_refsource_MISC

Impacted products

	Vendor	Product	Version
	Dell	PowerScale OneFS	Affected: unspecified , < 8.1.2, 8.2.2, 9.0+ (custom)

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-04T15:49:07.165Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://www.dell.com/support/kbdoc/en-us/000182873/dsa-2021-009-dell-powerscale-onefs-security-update-for-multiple-vulnerabilities"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "PowerScale OneFS",
          "vendor": "Dell",
          "versions": [
            {
              "lessThan": "8.1.2, 8.2.2, 9.0+",
              "status": "affected",
              "version": "unspecified",
              "versionType": "custom"
            }
          ]
        }
      ],
      "datePublic": "2020-12-18T00:00:00",
      "descriptions": [
        {
          "lang": "en",
          "value": "Dell EMC PowerScale OneFS versions 8.1.2 \u2013 9.1.0 contain an issue where the OneFS SMB directory auto-create may erroneously create a directory for a user. A remote unauthenticated attacker may take advantage of this issue to slow down the system."
        }
      ],
      "metrics": [
        {
          "cvssV3_1": {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "availabilityImpact": "LOW",
            "baseScore": 5.3,
            "baseSeverity": "MEDIUM",
            "confidentialityImpact": "NONE",
            "integrityImpact": "NONE",
            "privilegesRequired": "NONE",
            "scope": "UNCHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L",
            "version": "3.1"
          }
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-280",
              "description": "CWE-280: Improper Handling of Insufficient Permissions or Privileges",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2021-02-09T21:25:21",
        "orgId": "c550e75a-17ff-4988-97f0-544cde3820fe",
        "shortName": "dell"
      },
      "references": [
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://www.dell.com/support/kbdoc/en-us/000182873/dsa-2021-009-dell-powerscale-onefs-security-update-for-multiple-vulnerabilities"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "secure@dell.com",
          "DATE_PUBLIC": "2020-12-18",
          "ID": "CVE-2020-26195",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "PowerScale OneFS",
                      "version": {
                        "version_data": [
                          {
                            "version_affected": "\u003c",
                            "version_value": "8.1.2, 8.2.2, 9.0+"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "Dell"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "Dell EMC PowerScale OneFS versions 8.1.2 \u2013 9.1.0 contain an issue where the OneFS SMB directory auto-create may erroneously create a directory for a user. A remote unauthenticated attacker may take advantage of this issue to slow down the system."
            }
          ]
        },
        "impact": {
          "cvss": {
            "baseScore": 5.3,
            "baseSeverity": "Medium",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L",
            "version": "3.1"
          }
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "CWE-280: Improper Handling of Insufficient Permissions or Privileges"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "https://www.dell.com/support/kbdoc/en-us/000182873/dsa-2021-009-dell-powerscale-onefs-security-update-for-multiple-vulnerabilities",
              "refsource": "MISC",
              "url": "https://www.dell.com/support/kbdoc/en-us/000182873/dsa-2021-009-dell-powerscale-onefs-security-update-for-multiple-vulnerabilities"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "c550e75a-17ff-4988-97f0-544cde3820fe",
    "assignerShortName": "dell",
    "cveId": "CVE-2020-26195",
    "datePublished": "2021-02-09T21:25:22.012221Z",
    "dateReserved": "2020-09-30T00:00:00",
    "dateUpdated": "2024-09-16T23:55:55.907Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1",
  "vulnerability-lookup:meta": {
    "fkie_nvd": {
      "configurations": "[{\"nodes\": [{\"operator\": \"OR\", \"negate\": false, \"cpeMatch\": [{\"vulnerable\": true, \"criteria\": \"cpe:2.3:o:dell:emc_powerscale_onefs:8.1.2:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"575793FB-6E18-4A7F-B689-EA4FB7904DFE\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:o:dell:emc_powerscale_onefs:8.2.0:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"B64FFA7E-C401-4755-A269-A59E225BCB8F\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:o:dell:emc_powerscale_onefs:8.2.1:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"B02079AB-D410-4CD2-8E70-BCFEAB5DEFA0\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:o:dell:emc_powerscale_onefs:8.2.2:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"FF89B320-6D5A-4E46-A1FA-FCDB31F325C4\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:o:dell:emc_powerscale_onefs:9.0.0:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"5422D856-00B1-47FA-8D62-9B464A43BAC9\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:o:dell:emc_powerscale_onefs:9.1.0:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"E08AB5B6-818B-4666-8DF8-32030BBE06A1\"}]}]}]",
      "descriptions": "[{\"lang\": \"en\", \"value\": \"Dell EMC PowerScale OneFS versions 8.1.2 \\u2013 9.1.0 contain an issue where the OneFS SMB directory auto-create may erroneously create a directory for a user. A remote unauthenticated attacker may take advantage of this issue to slow down the system.\"}, {\"lang\": \"es\", \"value\": \"Dell EMC PowerScale OneFS versiones 8.1.2 - 9.1.0, contienen un problema en el que la creaci\\u00f3n autom\\u00e1tica del directorio SMB de OneFS puede crear err\\u00f3neamente un directorio para un usuario.\u0026#xa0;Un atacante remoto no autenticado puede tomar ventaja de este problema para ralentizar el sistema\"}]",
      "id": "CVE-2020-26195",
      "lastModified": "2024-11-21T05:19:29.993",
      "metrics": "{\"cvssMetricV31\": [{\"source\": \"security_alert@emc.com\", \"type\": \"Secondary\", \"cvssData\": {\"version\": \"3.1\", \"vectorString\": \"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L\", \"baseScore\": 5.3, \"baseSeverity\": \"MEDIUM\", \"attackVector\": \"NETWORK\", \"attackComplexity\": \"LOW\", \"privilegesRequired\": \"NONE\", \"userInteraction\": \"NONE\", \"scope\": \"UNCHANGED\", \"confidentialityImpact\": \"NONE\", \"integrityImpact\": \"NONE\", \"availabilityImpact\": \"LOW\"}, \"exploitabilityScore\": 3.9, \"impactScore\": 1.4}, {\"source\": \"nvd@nist.gov\", \"type\": \"Primary\", \"cvssData\": {\"version\": \"3.1\", \"vectorString\": \"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L\", \"baseScore\": 5.3, \"baseSeverity\": \"MEDIUM\", \"attackVector\": \"NETWORK\", \"attackComplexity\": \"LOW\", \"privilegesRequired\": \"NONE\", \"userInteraction\": \"NONE\", \"scope\": \"UNCHANGED\", \"confidentialityImpact\": \"NONE\", \"integrityImpact\": \"NONE\", \"availabilityImpact\": \"LOW\"}, \"exploitabilityScore\": 3.9, \"impactScore\": 1.4}], \"cvssMetricV2\": [{\"source\": \"nvd@nist.gov\", \"type\": \"Primary\", \"cvssData\": {\"version\": \"2.0\", \"vectorString\": \"AV:N/AC:L/Au:N/C:N/I:N/A:P\", \"baseScore\": 5.0, \"accessVector\": \"NETWORK\", \"accessComplexity\": \"LOW\", \"authentication\": \"NONE\", \"confidentialityImpact\": \"NONE\", \"integrityImpact\": \"NONE\", \"availabilityImpact\": \"PARTIAL\"}, \"baseSeverity\": \"MEDIUM\", \"exploitabilityScore\": 10.0, \"impactScore\": 2.9, \"acInsufInfo\": false, \"obtainAllPrivilege\": false, \"obtainUserPrivilege\": false, \"obtainOtherPrivilege\": false, \"userInteractionRequired\": false}]}",
      "published": "2021-02-09T22:15:13.463",
      "references": "[{\"url\": \"https://www.dell.com/support/kbdoc/en-us/000182873/dsa-2021-009-dell-powerscale-onefs-security-update-for-multiple-vulnerabilities\", \"source\": \"security_alert@emc.com\", \"tags\": [\"Vendor Advisory\"]}, {\"url\": \"https://www.dell.com/support/kbdoc/en-us/000182873/dsa-2021-009-dell-powerscale-onefs-security-update-for-multiple-vulnerabilities\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\", \"tags\": [\"Vendor Advisory\"]}]",
      "sourceIdentifier": "security_alert@emc.com",
      "vulnStatus": "Modified",
      "weaknesses": "[{\"source\": \"security_alert@emc.com\", \"type\": \"Secondary\", \"description\": [{\"lang\": \"en\", \"value\": \"CWE-280\"}]}, {\"source\": \"nvd@nist.gov\", \"type\": \"Primary\", \"description\": [{\"lang\": \"en\", \"value\": \"CWE-755\"}]}]"
    },
    "nvd": "{\"cve\":{\"id\":\"CVE-2020-26195\",\"sourceIdentifier\":\"security_alert@emc.com\",\"published\":\"2021-02-09T22:15:13.463\",\"lastModified\":\"2024-11-21T05:19:29.993\",\"vulnStatus\":\"Modified\",\"cveTags\":[],\"descriptions\":[{\"lang\":\"en\",\"value\":\"Dell EMC PowerScale OneFS versions 8.1.2 \u2013 9.1.0 contain an issue where the OneFS SMB directory auto-create may erroneously create a directory for a user. A remote unauthenticated attacker may take advantage of this issue to slow down the system.\"},{\"lang\":\"es\",\"value\":\"Dell EMC PowerScale OneFS versiones 8.1.2 - 9.1.0, contienen un problema en el que la creaci\u00f3n autom\u00e1tica del directorio SMB de OneFS puede crear err\u00f3neamente un directorio para un usuario.\u0026#xa0;Un atacante remoto no autenticado puede tomar ventaja de este problema para ralentizar el sistema\"}],\"metrics\":{\"cvssMetricV31\":[{\"source\":\"security_alert@emc.com\",\"type\":\"Secondary\",\"cvssData\":{\"version\":\"3.1\",\"vectorString\":\"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L\",\"baseScore\":5.3,\"baseSeverity\":\"MEDIUM\",\"attackVector\":\"NETWORK\",\"attackComplexity\":\"LOW\",\"privilegesRequired\":\"NONE\",\"userInteraction\":\"NONE\",\"scope\":\"UNCHANGED\",\"confidentialityImpact\":\"NONE\",\"integrityImpact\":\"NONE\",\"availabilityImpact\":\"LOW\"},\"exploitabilityScore\":3.9,\"impactScore\":1.4},{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"cvssData\":{\"version\":\"3.1\",\"vectorString\":\"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L\",\"baseScore\":5.3,\"baseSeverity\":\"MEDIUM\",\"attackVector\":\"NETWORK\",\"attackComplexity\":\"LOW\",\"privilegesRequired\":\"NONE\",\"userInteraction\":\"NONE\",\"scope\":\"UNCHANGED\",\"confidentialityImpact\":\"NONE\",\"integrityImpact\":\"NONE\",\"availabilityImpact\":\"LOW\"},\"exploitabilityScore\":3.9,\"impactScore\":1.4}],\"cvssMetricV2\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"cvssData\":{\"version\":\"2.0\",\"vectorString\":\"AV:N/AC:L/Au:N/C:N/I:N/A:P\",\"baseScore\":5.0,\"accessVector\":\"NETWORK\",\"accessComplexity\":\"LOW\",\"authentication\":\"NONE\",\"confidentialityImpact\":\"NONE\",\"integrityImpact\":\"NONE\",\"availabilityImpact\":\"PARTIAL\"},\"baseSeverity\":\"MEDIUM\",\"exploitabilityScore\":10.0,\"impactScore\":2.9,\"acInsufInfo\":false,\"obtainAllPrivilege\":false,\"obtainUserPrivilege\":false,\"obtainOtherPrivilege\":false,\"userInteractionRequired\":false}]},\"weaknesses\":[{\"source\":\"security_alert@emc.com\",\"type\":\"Secondary\",\"description\":[{\"lang\":\"en\",\"value\":\"CWE-280\"}]},{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"description\":[{\"lang\":\"en\",\"value\":\"CWE-755\"}]}],\"configurations\":[{\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:dell:emc_powerscale_onefs:8.1.2:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"575793FB-6E18-4A7F-B689-EA4FB7904DFE\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:dell:emc_powerscale_onefs:8.2.0:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"B64FFA7E-C401-4755-A269-A59E225BCB8F\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:dell:emc_powerscale_onefs:8.2.1:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"B02079AB-D410-4CD2-8E70-BCFEAB5DEFA0\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:dell:emc_powerscale_onefs:8.2.2:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"FF89B320-6D5A-4E46-A1FA-FCDB31F325C4\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:dell:emc_powerscale_onefs:9.0.0:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"5422D856-00B1-47FA-8D62-9B464A43BAC9\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:dell:emc_powerscale_onefs:9.1.0:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"E08AB5B6-818B-4666-8DF8-32030BBE06A1\"}]}]}],\"references\":[{\"url\":\"https://www.dell.com/support/kbdoc/en-us/000182873/dsa-2021-009-dell-powerscale-onefs-security-update-for-multiple-vulnerabilities\",\"source\":\"security_alert@emc.com\",\"tags\":[\"Vendor Advisory\"]},{\"url\":\"https://www.dell.com/support/kbdoc/en-us/000182873/dsa-2021-009-dell-powerscale-onefs-security-update-for-multiple-vulnerabilities\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Vendor Advisory\"]}]}}"
  }
}

CNVD-2021-13934

Vulnerability from cnvd - Published: 2021-03-02

Title

DELL EMC PowerScale OneFS存在未明漏洞

Description

DELL EMC PowerScale是美国戴尔（DELL）公司的一套适用于非结构化数据的横向扩展存储系统。 Dell EMC PowerScale OneFS 8.1.2 – 9.1.0版本存在安全漏洞，该漏洞源于OneFS SMB目录自动创建可能会错误地为用户创建目录的问题。未经身份验证的远程攻击者可利用该漏洞来降低系统的速度。

Severity

低

Patch Name

DELL EMC PowerScale OneFS存在未明漏洞的补丁

Patch Description

Formal description

目前厂商已发布升级补丁以修复漏洞，补丁获取链接：https://www.dell.com/support/kbdoc/en-us/000182873/dsa-2021-009-dell-powerscale-onefs-security-update-for-multiple-vulnerabilities

Reference

https://nvd.nist.gov/vuln/detail/CVE-2020-26195

Impacted products

Name
DELL EMC PowerScale OneFS >=8.1.2，<=9.1.0

Show details on source website

JSON

To clipboard

{
  "cves": {
    "cve": {
      "cveNumber": "CVE-2020-26195",
      "cveUrl": "https://nvd.nist.gov/vuln/detail/CVE-2020-26195"
    }
  },
  "description": "DELL EMC PowerScale\u662f\u7f8e\u56fd\u6234\u5c14\uff08DELL\uff09\u516c\u53f8\u7684\u4e00\u5957\u9002\u7528\u4e8e\u975e\u7ed3\u6784\u5316\u6570\u636e\u7684\u6a2a\u5411\u6269\u5c55\u5b58\u50a8\u7cfb\u7edf\u3002\n\nDell EMC PowerScale OneFS 8.1.2 \u2013 9.1.0\u7248\u672c\u5b58\u5728\u5b89\u5168\u6f0f\u6d1e\uff0c\u8be5\u6f0f\u6d1e\u6e90\u4e8eOneFS SMB\u76ee\u5f55\u81ea\u52a8\u521b\u5efa\u53ef\u80fd\u4f1a\u9519\u8bef\u5730\u4e3a\u7528\u6237\u521b\u5efa\u76ee\u5f55\u7684\u95ee\u9898\u3002\u672a\u7ecf\u8eab\u4efd\u9a8c\u8bc1\u7684\u8fdc\u7a0b\u653b\u51fb\u8005\u53ef\u5229\u7528\u8be5\u6f0f\u6d1e\u6765\u964d\u4f4e\u7cfb\u7edf\u7684\u901f\u5ea6\u3002",
  "formalWay": "\u76ee\u524d\u5382\u5546\u5df2\u53d1\u5e03\u5347\u7ea7\u8865\u4e01\u4ee5\u4fee\u590d\u6f0f\u6d1e\uff0c\u8865\u4e01\u83b7\u53d6\u94fe\u63a5\uff1ahttps://www.dell.com/support/kbdoc/en-us/000182873/dsa-2021-009-dell-powerscale-onefs-security-update-for-multiple-vulnerabilities",
  "isEvent": "\u901a\u7528\u8f6f\u786c\u4ef6\u6f0f\u6d1e",
  "number": "CNVD-2021-13934",
  "openTime": "2021-03-02",
  "patchDescription": "DELL EMC PowerScale\u662f\u7f8e\u56fd\u6234\u5c14\uff08DELL\uff09\u516c\u53f8\u7684\u4e00\u5957\u9002\u7528\u4e8e\u975e\u7ed3\u6784\u5316\u6570\u636e\u7684\u6a2a\u5411\u6269\u5c55\u5b58\u50a8\u7cfb\u7edf\u3002\r\n\r\nDell EMC PowerScale OneFS 8.1.2 \u2013 9.1.0\u7248\u672c\u5b58\u5728\u5b89\u5168\u6f0f\u6d1e\uff0c\u8be5\u6f0f\u6d1e\u6e90\u4e8eOneFS SMB\u76ee\u5f55\u81ea\u52a8\u521b\u5efa\u53ef\u80fd\u4f1a\u9519\u8bef\u5730\u4e3a\u7528\u6237\u521b\u5efa\u76ee\u5f55\u7684\u95ee\u9898\u3002\u672a\u7ecf\u8eab\u4efd\u9a8c\u8bc1\u7684\u8fdc\u7a0b\u653b\u51fb\u8005\u53ef\u5229\u7528\u8be5\u6f0f\u6d1e\u6765\u964d\u4f4e\u7cfb\u7edf\u7684\u901f\u5ea6\u3002\u76ee\u524d\uff0c\u4f9b\u5e94\u5546\u53d1\u5e03\u4e86\u5b89\u5168\u516c\u544a\u53ca\u76f8\u5173\u8865\u4e01\u4fe1\u606f\uff0c\u4fee\u590d\u4e86\u6b64\u6f0f\u6d1e\u3002",
  "patchName": "DELL EMC PowerScale OneFS\u5b58\u5728\u672a\u660e\u6f0f\u6d1e \u7684\u8865\u4e01",
  "products": {
    "product": "DELL EMC PowerScale OneFS \u003e=8.1.2\uff0c\u003c=9.1.0"
  },
  "referenceLink": "https://nvd.nist.gov/vuln/detail/CVE-2020-26195",
  "serverity": "\u4f4e",
  "submitTime": "2021-02-24",
  "title": "DELL EMC PowerScale OneFS\u5b58\u5728\u672a\u660e\u6f0f\u6d1e"
}

GHSA-55H2-P95W-Q7PV

Vulnerability from github – Published: 2022-05-24 22:28 – Updated: 2022-10-22 12:00

Details

Severity ?

5.3 (Medium)


                  
                    CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L

Show details on source website

JSON

To clipboard

{
  "affected": [],
  "aliases": [
    "CVE-2020-26195"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-755"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2021-02-09T22:15:00Z",
    "severity": "MODERATE"
  },
  "details": "Dell EMC PowerScale OneFS versions 8.1.2 \u2013 9.1.0 contain an issue where the OneFS SMB directory auto-create may erroneously create a directory for a user. A remote unauthenticated attacker may take advantage of this issue to slow down the system.",
  "id": "GHSA-55h2-p95w-q7pv",
  "modified": "2022-10-22T12:00:30Z",
  "published": "2022-05-24T22:28:14Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2020-26195"
    },
    {
      "type": "WEB",
      "url": "https://www.dell.com/support/kbdoc/en-us/000182873/dsa-2021-009-dell-powerscale-onefs-security-update-for-multiple-vulnerabilities"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L",
      "type": "CVSS_V3"
    }
  ]
}

VAR-202102-0304

Vulnerability from variot - Updated: 2023-12-18 13:47

Dell EMC PowerScale OneFS versions 8.1.2 – 9.1.0 contain an issue where the OneFS SMB directory auto-create may erroneously create a directory for a user. A remote unauthenticated attacker may take advantage of this issue to slow down the system. Dell EMC PowerScale OneFS Is vulnerable to handling exceptional conditions.Denial of service (DoS) It may be put into a state. There is a security vulnerability in Dell EMC PowerScale OneFS. There is currently no information about this vulnerability. Please keep an eye on CNNVD or vendor announcements

Show details on source website

JSON

To clipboard

{
  "@context": {
    "@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
    "affected_products": {
      "@id": "https://www.variotdbs.pl/ref/affected_products"
    },
    "configurations": {
      "@id": "https://www.variotdbs.pl/ref/configurations"
    },
    "credits": {
      "@id": "https://www.variotdbs.pl/ref/credits"
    },
    "cvss": {
      "@id": "https://www.variotdbs.pl/ref/cvss/"
    },
    "description": {
      "@id": "https://www.variotdbs.pl/ref/description/"
    },
    "exploit_availability": {
      "@id": "https://www.variotdbs.pl/ref/exploit_availability/"
    },
    "external_ids": {
      "@id": "https://www.variotdbs.pl/ref/external_ids/"
    },
    "iot": {
      "@id": "https://www.variotdbs.pl/ref/iot/"
    },
    "iot_taxonomy": {
      "@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
    },
    "patch": {
      "@id": "https://www.variotdbs.pl/ref/patch/"
    },
    "problemtype_data": {
      "@id": "https://www.variotdbs.pl/ref/problemtype_data/"
    },
    "references": {
      "@id": "https://www.variotdbs.pl/ref/references/"
    },
    "sources": {
      "@id": "https://www.variotdbs.pl/ref/sources/"
    },
    "sources_release_date": {
      "@id": "https://www.variotdbs.pl/ref/sources_release_date/"
    },
    "sources_update_date": {
      "@id": "https://www.variotdbs.pl/ref/sources_update_date/"
    },
    "threat_type": {
      "@id": "https://www.variotdbs.pl/ref/threat_type/"
    },
    "title": {
      "@id": "https://www.variotdbs.pl/ref/title/"
    },
    "type": {
      "@id": "https://www.variotdbs.pl/ref/type/"
    }
  },
  "@id": "https://www.variotdbs.pl/vuln/VAR-202102-0304",
  "affected_products": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/affected_products#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        },
        "@id": "https://www.variotdbs.pl/ref/sources"
      }
    },
    "data": [
      {
        "model": "emc powerscale onefs",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "dell",
        "version": "8.2.0"
      },
      {
        "model": "emc powerscale onefs",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "dell",
        "version": "8.2.1"
      },
      {
        "model": "emc powerscale onefs",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "dell",
        "version": "9.0.0"
      },
      {
        "model": "emc powerscale onefs",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "dell",
        "version": "8.2.2"
      },
      {
        "model": "emc powerscale onefs",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "dell",
        "version": "8.1.2"
      },
      {
        "model": "emc powerscale onefs",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "dell",
        "version": "9.1.0"
      },
      {
        "model": "emc powerscale onefs",
        "scope": "eq",
        "trust": 0.8,
        "vendor": "\u30c7\u30eb",
        "version": "8.1.2  to  9.1.0"
      },
      {
        "model": "emc powerscale onefs",
        "scope": "eq",
        "trust": 0.8,
        "vendor": "\u30c7\u30eb",
        "version": null
      }
    ],
    "sources": [
      {
        "db": "JVNDB",
        "id": "JVNDB-2020-015958"
      },
      {
        "db": "NVD",
        "id": "CVE-2020-26195"
      }
    ]
  },
  "configurations": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/configurations#",
      "children": {
        "@container": "@list"
      },
      "cpe_match": {
        "@container": "@list"
      },
      "data": {
        "@container": "@list"
      },
      "nodes": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "CVE_data_version": "4.0",
        "nodes": [
          {
            "children": [],
            "cpe_match": [
              {
                "cpe23Uri": "cpe:2.3:o:dell:emc_powerscale_onefs:9.0.0:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:o:dell:emc_powerscale_onefs:8.2.0:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:o:dell:emc_powerscale_onefs:8.2.1:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:o:dell:emc_powerscale_onefs:8.1.2:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:o:dell:emc_powerscale_onefs:8.2.2:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:o:dell:emc_powerscale_onefs:9.1.0:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              }
            ],
            "operator": "OR"
          }
        ]
      }
    ],
    "sources": [
      {
        "db": "NVD",
        "id": "CVE-2020-26195"
      }
    ]
  },
  "cve": "CVE-2020-26195",
  "cvss": {
    "@context": {
      "cvssV2": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
        },
        "@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
      },
      "cvssV3": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
        },
        "@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
      },
      "severity": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/cvss/severity#"
        },
        "@id": "https://www.variotdbs.pl/ref/cvss/severity"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        },
        "@id": "https://www.variotdbs.pl/ref/sources"
      }
    },
    "data": [
      {
        "cvssV2": [
          {
            "acInsufInfo": false,
            "accessComplexity": "LOW",
            "accessVector": "NETWORK",
            "authentication": "NONE",
            "author": "NVD",
            "availabilityImpact": "PARTIAL",
            "baseScore": 5.0,
            "confidentialityImpact": "NONE",
            "exploitabilityScore": 10.0,
            "impactScore": 2.9,
            "integrityImpact": "NONE",
            "obtainAllPrivilege": false,
            "obtainOtherPrivilege": false,
            "obtainUserPrivilege": false,
            "severity": "MEDIUM",
            "trust": 1.0,
            "userInteractionRequired": false,
            "vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:P",
            "version": "2.0"
          },
          {
            "acInsufInfo": null,
            "accessComplexity": "Low",
            "accessVector": "Network",
            "authentication": "None",
            "author": "NVD",
            "availabilityImpact": "Partial",
            "baseScore": 5.0,
            "confidentialityImpact": "None",
            "exploitabilityScore": null,
            "id": "CVE-2020-26195",
            "impactScore": null,
            "integrityImpact": "None",
            "obtainAllPrivilege": null,
            "obtainOtherPrivilege": null,
            "obtainUserPrivilege": null,
            "severity": "Medium",
            "trust": 0.8,
            "userInteractionRequired": null,
            "vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:P",
            "version": "2.0"
          },
          {
            "accessComplexity": "LOW",
            "accessVector": "NETWORK",
            "authentication": "NONE",
            "author": "VULHUB",
            "availabilityImpact": "PARTIAL",
            "baseScore": 5.0,
            "confidentialityImpact": "NONE",
            "exploitabilityScore": 10.0,
            "id": "VHN-180249",
            "impactScore": 2.9,
            "integrityImpact": "NONE",
            "severity": "MEDIUM",
            "trust": 0.1,
            "vectorString": "AV:N/AC:L/AU:N/C:N/I:N/A:P",
            "version": "2.0"
          }
        ],
        "cvssV3": [
          {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "author": "NVD",
            "availabilityImpact": "LOW",
            "baseScore": 5.3,
            "baseSeverity": "MEDIUM",
            "confidentialityImpact": "NONE",
            "exploitabilityScore": 3.9,
            "impactScore": 1.4,
            "integrityImpact": "NONE",
            "privilegesRequired": "NONE",
            "scope": "UNCHANGED",
            "trust": 2.0,
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L",
            "version": "3.1"
          },
          {
            "attackComplexity": "Low",
            "attackVector": "Network",
            "author": "OTHER",
            "availabilityImpact": "Low",
            "baseScore": 5.3,
            "baseSeverity": "Medium",
            "confidentialityImpact": "None",
            "exploitabilityScore": null,
            "id": "JVNDB-2020-015958",
            "impactScore": null,
            "integrityImpact": "None",
            "privilegesRequired": "None",
            "scope": "Unchanged",
            "trust": 0.8,
            "userInteraction": "None",
            "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L",
            "version": "3.0"
          }
        ],
        "severity": [
          {
            "author": "NVD",
            "id": "CVE-2020-26195",
            "trust": 1.8,
            "value": "MEDIUM"
          },
          {
            "author": "security_alert@emc.com",
            "id": "CVE-2020-26195",
            "trust": 1.0,
            "value": "MEDIUM"
          },
          {
            "author": "CNNVD",
            "id": "CNNVD-202102-886",
            "trust": 0.6,
            "value": "MEDIUM"
          },
          {
            "author": "VULHUB",
            "id": "VHN-180249",
            "trust": 0.1,
            "value": "MEDIUM"
          }
        ]
      }
    ],
    "sources": [
      {
        "db": "VULHUB",
        "id": "VHN-180249"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2020-015958"
      },
      {
        "db": "NVD",
        "id": "CVE-2020-26195"
      },
      {
        "db": "NVD",
        "id": "CVE-2020-26195"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-202102-886"
      }
    ]
  },
  "description": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/description#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "Dell EMC PowerScale OneFS versions 8.1.2 \u2013 9.1.0 contain an issue where the OneFS SMB directory auto-create may erroneously create a directory for a user. A remote unauthenticated attacker may take advantage of this issue to slow down the system. Dell EMC PowerScale OneFS Is vulnerable to handling exceptional conditions.Denial of service (DoS) It may be put into a state. There is a security vulnerability in Dell EMC PowerScale OneFS. There is currently no information about this vulnerability. Please keep an eye on CNNVD or vendor announcements",
    "sources": [
      {
        "db": "NVD",
        "id": "CVE-2020-26195"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2020-015958"
      },
      {
        "db": "VULHUB",
        "id": "VHN-180249"
      }
    ],
    "trust": 1.71
  },
  "external_ids": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/external_ids#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "db": "NVD",
        "id": "CVE-2020-26195",
        "trust": 2.5
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2020-015958",
        "trust": 0.8
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-202102-886",
        "trust": 0.6
      },
      {
        "db": "VULHUB",
        "id": "VHN-180249",
        "trust": 0.1
      }
    ],
    "sources": [
      {
        "db": "VULHUB",
        "id": "VHN-180249"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2020-015958"
      },
      {
        "db": "NVD",
        "id": "CVE-2020-26195"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-202102-886"
      }
    ]
  },
  "id": "VAR-202102-0304",
  "iot": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/iot#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": true,
    "sources": [
      {
        "db": "VULHUB",
        "id": "VHN-180249"
      }
    ],
    "trust": 0.01
  },
  "last_update_date": "2023-12-18T13:47:13.914000Z",
  "patch": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/patch#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "title": "DSA-2021-009",
        "trust": 0.8,
        "url": "https://www.dell.com/support/kbdoc/ja-jp/000182873/dsa-2021-009-dell-powerscale-onefs-security-update-for-multiple-vulnerabilities"
      },
      {
        "title": "DELL EMC PowerScale Security vulnerabilities",
        "trust": 0.6,
        "url": "http://www.cnnvd.org.cn/web/xxk/bdxqbyid.tag?id=142237"
      }
    ],
    "sources": [
      {
        "db": "JVNDB",
        "id": "JVNDB-2020-015958"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-202102-886"
      }
    ]
  },
  "problemtype_data": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "problemtype": "CWE-755",
        "trust": 1.1
      },
      {
        "problemtype": "Improper handling in exceptional conditions (CWE-755) [NVD Evaluation ]",
        "trust": 0.8
      }
    ],
    "sources": [
      {
        "db": "VULHUB",
        "id": "VHN-180249"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2020-015958"
      },
      {
        "db": "NVD",
        "id": "CVE-2020-26195"
      }
    ]
  },
  "references": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/references#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "trust": 1.7,
        "url": "https://www.dell.com/support/kbdoc/en-us/000182873/dsa-2021-009-dell-powerscale-onefs-security-update-for-multiple-vulnerabilities"
      },
      {
        "trust": 0.8,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2020-26195"
      }
    ],
    "sources": [
      {
        "db": "VULHUB",
        "id": "VHN-180249"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2020-015958"
      },
      {
        "db": "NVD",
        "id": "CVE-2020-26195"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-202102-886"
      }
    ]
  },
  "sources": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/sources#",
      "data": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "db": "VULHUB",
        "id": "VHN-180249"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2020-015958"
      },
      {
        "db": "NVD",
        "id": "CVE-2020-26195"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-202102-886"
      }
    ]
  },
  "sources_release_date": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
      "data": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "date": "2021-02-09T00:00:00",
        "db": "VULHUB",
        "id": "VHN-180249"
      },
      {
        "date": "2021-10-26T00:00:00",
        "db": "JVNDB",
        "id": "JVNDB-2020-015958"
      },
      {
        "date": "2021-02-09T22:15:13.463000",
        "db": "NVD",
        "id": "CVE-2020-26195"
      },
      {
        "date": "2021-02-09T00:00:00",
        "db": "CNNVD",
        "id": "CNNVD-202102-886"
      }
    ]
  },
  "sources_update_date": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
      "data": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "date": "2022-10-21T00:00:00",
        "db": "VULHUB",
        "id": "VHN-180249"
      },
      {
        "date": "2021-10-26T07:51:00",
        "db": "JVNDB",
        "id": "JVNDB-2020-015958"
      },
      {
        "date": "2022-10-21T19:23:18",
        "db": "NVD",
        "id": "CVE-2020-26195"
      },
      {
        "date": "2021-02-25T00:00:00",
        "db": "CNNVD",
        "id": "CNNVD-202102-886"
      }
    ]
  },
  "threat_type": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/threat_type#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "remote",
    "sources": [
      {
        "db": "CNNVD",
        "id": "CNNVD-202102-886"
      }
    ],
    "trust": 0.6
  },
  "title": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/title#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "Dell\u00a0EMC\u00a0PowerScale\u00a0OneFS\u00a0 Vulnerability in handling exceptional conditions in",
    "sources": [
      {
        "db": "JVNDB",
        "id": "JVNDB-2020-015958"
      }
    ],
    "trust": 0.8
  },
  "type": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/type#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "other",
    "sources": [
      {
        "db": "CNNVD",
        "id": "CNNVD-202102-886"
      }
    ],
    "trust": 0.6
  }
}

GSD-2020-26195

Vulnerability from gsd - Updated: 2023-12-13 01:22

Details

Aliases

CVE-2020-26195

Aliases

CVE-2020-26195

JSON

To clipboard

{
  "GSD": {
    "alias": "CVE-2020-26195",
    "description": "Dell EMC PowerScale OneFS versions 8.1.2 \u2013 9.1.0 contain an issue where the OneFS SMB directory auto-create may erroneously create a directory for a user. A remote unauthenticated attacker may take advantage of this issue to slow down the system.",
    "id": "GSD-2020-26195"
  },
  "gsd": {
    "metadata": {
      "exploitCode": "unknown",
      "remediation": "unknown",
      "reportConfidence": "confirmed",
      "type": "vulnerability"
    },
    "osvSchema": {
      "aliases": [
        "CVE-2020-26195"
      ],
      "details": "Dell EMC PowerScale OneFS versions 8.1.2 \u2013 9.1.0 contain an issue where the OneFS SMB directory auto-create may erroneously create a directory for a user. A remote unauthenticated attacker may take advantage of this issue to slow down the system.",
      "id": "GSD-2020-26195",
      "modified": "2023-12-13T01:22:08.591306Z",
      "schema_version": "1.4.0"
    }
  },
  "namespaces": {
    "cve.org": {
      "CVE_data_meta": {
        "ASSIGNER": "secure@dell.com",
        "DATE_PUBLIC": "2020-12-18",
        "ID": "CVE-2020-26195",
        "STATE": "PUBLIC"
      },
      "affects": {
        "vendor": {
          "vendor_data": [
            {
              "product": {
                "product_data": [
                  {
                    "product_name": "PowerScale OneFS",
                    "version": {
                      "version_data": [
                        {
                          "version_affected": "\u003c",
                          "version_value": "8.1.2, 8.2.2, 9.0+"
                        }
                      ]
                    }
                  }
                ]
              },
              "vendor_name": "Dell"
            }
          ]
        }
      },
      "data_format": "MITRE",
      "data_type": "CVE",
      "data_version": "4.0",
      "description": {
        "description_data": [
          {
            "lang": "eng",
            "value": "Dell EMC PowerScale OneFS versions 8.1.2 \u2013 9.1.0 contain an issue where the OneFS SMB directory auto-create may erroneously create a directory for a user. A remote unauthenticated attacker may take advantage of this issue to slow down the system."
          }
        ]
      },
      "impact": {
        "cvss": {
          "baseScore": 5.3,
          "baseSeverity": "Medium",
          "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L",
          "version": "3.1"
        }
      },
      "problemtype": {
        "problemtype_data": [
          {
            "description": [
              {
                "lang": "eng",
                "value": "CWE-280: Improper Handling of Insufficient Permissions or Privileges"
              }
            ]
          }
        ]
      },
      "references": {
        "reference_data": [
          {
            "name": "https://www.dell.com/support/kbdoc/en-us/000182873/dsa-2021-009-dell-powerscale-onefs-security-update-for-multiple-vulnerabilities",
            "refsource": "MISC",
            "url": "https://www.dell.com/support/kbdoc/en-us/000182873/dsa-2021-009-dell-powerscale-onefs-security-update-for-multiple-vulnerabilities"
          }
        ]
      }
    },
    "nvd.nist.gov": {
      "configurations": {
        "CVE_data_version": "4.0",
        "nodes": [
          {
            "children": [],
            "cpe_match": [
              {
                "cpe23Uri": "cpe:2.3:o:dell:emc_powerscale_onefs:9.0.0:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:o:dell:emc_powerscale_onefs:8.2.0:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:o:dell:emc_powerscale_onefs:8.2.1:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:o:dell:emc_powerscale_onefs:8.1.2:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:o:dell:emc_powerscale_onefs:8.2.2:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:o:dell:emc_powerscale_onefs:9.1.0:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              }
            ],
            "operator": "OR"
          }
        ]
      },
      "cve": {
        "CVE_data_meta": {
          "ASSIGNER": "secure@dell.com",
          "ID": "CVE-2020-26195"
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "en",
              "value": "Dell EMC PowerScale OneFS versions 8.1.2 \u2013 9.1.0 contain an issue where the OneFS SMB directory auto-create may erroneously create a directory for a user. A remote unauthenticated attacker may take advantage of this issue to slow down the system."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "en",
                  "value": "CWE-755"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "https://www.dell.com/support/kbdoc/en-us/000182873/dsa-2021-009-dell-powerscale-onefs-security-update-for-multiple-vulnerabilities",
              "refsource": "MISC",
              "tags": [
                "Vendor Advisory"
              ],
              "url": "https://www.dell.com/support/kbdoc/en-us/000182873/dsa-2021-009-dell-powerscale-onefs-security-update-for-multiple-vulnerabilities"
            }
          ]
        }
      },
      "impact": {
        "baseMetricV2": {
          "acInsufInfo": false,
          "cvssV2": {
            "accessComplexity": "LOW",
            "accessVector": "NETWORK",
            "authentication": "NONE",
            "availabilityImpact": "PARTIAL",
            "baseScore": 5.0,
            "confidentialityImpact": "NONE",
            "integrityImpact": "NONE",
            "vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:P",
            "version": "2.0"
          },
          "exploitabilityScore": 10.0,
          "impactScore": 2.9,
          "obtainAllPrivilege": false,
          "obtainOtherPrivilege": false,
          "obtainUserPrivilege": false,
          "severity": "MEDIUM",
          "userInteractionRequired": false
        },
        "baseMetricV3": {
          "cvssV3": {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "availabilityImpact": "LOW",
            "baseScore": 5.3,
            "baseSeverity": "MEDIUM",
            "confidentialityImpact": "NONE",
            "integrityImpact": "NONE",
            "privilegesRequired": "NONE",
            "scope": "UNCHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L",
            "version": "3.1"
          },
          "exploitabilityScore": 3.9,
          "impactScore": 1.4
        }
      },
      "lastModifiedDate": "2022-10-21T19:23Z",
      "publishedDate": "2021-02-09T22:15Z"
    }
  }
}

FKIE_CVE-2020-26195

Vulnerability from fkie_nvd - Published: 2021-02-09 22:15 - Updated: 2024-11-21 05:19

Severity ?

5.3 (Medium) - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L
5.3 (Medium) - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L

Summary

References

	URL	Tags
	security_alert@emc.com	https://www.dell.com/support/kbdoc/en-us/000182873/dsa-2021-009-dell-powerscale-onefs-security-update-for-multiple-vulnerabilities	Vendor Advisory
	af854a3a-2127-422b-91ae-364da2661108	https://www.dell.com/support/kbdoc/en-us/000182873/dsa-2021-009-dell-powerscale-onefs-security-update-for-multiple-vulnerabilities	Vendor Advisory

Impacted products

Vendor	Product	Version
dell	emc_powerscale_onefs	8.1.2
dell	emc_powerscale_onefs	8.2.0
dell	emc_powerscale_onefs	8.2.1
dell	emc_powerscale_onefs	8.2.2
dell	emc_powerscale_onefs	9.0.0
dell	emc_powerscale_onefs	9.1.0

JSON

To clipboard

{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:dell:emc_powerscale_onefs:8.1.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "575793FB-6E18-4A7F-B689-EA4FB7904DFE",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:dell:emc_powerscale_onefs:8.2.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "B64FFA7E-C401-4755-A269-A59E225BCB8F",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:dell:emc_powerscale_onefs:8.2.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "B02079AB-D410-4CD2-8E70-BCFEAB5DEFA0",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:dell:emc_powerscale_onefs:8.2.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "FF89B320-6D5A-4E46-A1FA-FCDB31F325C4",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:dell:emc_powerscale_onefs:9.0.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "5422D856-00B1-47FA-8D62-9B464A43BAC9",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:dell:emc_powerscale_onefs:9.1.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "E08AB5B6-818B-4666-8DF8-32030BBE06A1",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "Dell EMC PowerScale OneFS versions 8.1.2 \u2013 9.1.0 contain an issue where the OneFS SMB directory auto-create may erroneously create a directory for a user. A remote unauthenticated attacker may take advantage of this issue to slow down the system."
    },
    {
      "lang": "es",
      "value": "Dell EMC PowerScale OneFS versiones 8.1.2 - 9.1.0, contienen un problema en el que la creaci\u00f3n autom\u00e1tica del directorio SMB de OneFS puede crear err\u00f3neamente un directorio para un usuario.\u0026#xa0;Un atacante remoto no autenticado puede tomar ventaja de este problema para ralentizar el sistema"
    }
  ],
  "id": "CVE-2020-26195",
  "lastModified": "2024-11-21T05:19:29.993",
  "metrics": {
    "cvssMetricV2": [
      {
        "acInsufInfo": false,
        "baseSeverity": "MEDIUM",
        "cvssData": {
          "accessComplexity": "LOW",
          "accessVector": "NETWORK",
          "authentication": "NONE",
          "availabilityImpact": "PARTIAL",
          "baseScore": 5.0,
          "confidentialityImpact": "NONE",
          "integrityImpact": "NONE",
          "vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:P",
          "version": "2.0"
        },
        "exploitabilityScore": 10.0,
        "impactScore": 2.9,
        "obtainAllPrivilege": false,
        "obtainOtherPrivilege": false,
        "obtainUserPrivilege": false,
        "source": "nvd@nist.gov",
        "type": "Primary",
        "userInteractionRequired": false
      }
    ],
    "cvssMetricV31": [
      {
        "cvssData": {
          "attackComplexity": "LOW",
          "attackVector": "NETWORK",
          "availabilityImpact": "LOW",
          "baseScore": 5.3,
          "baseSeverity": "MEDIUM",
          "confidentialityImpact": "NONE",
          "integrityImpact": "NONE",
          "privilegesRequired": "NONE",
          "scope": "UNCHANGED",
          "userInteraction": "NONE",
          "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L",
          "version": "3.1"
        },
        "exploitabilityScore": 3.9,
        "impactScore": 1.4,
        "source": "security_alert@emc.com",
        "type": "Secondary"
      },
      {
        "cvssData": {
          "attackComplexity": "LOW",
          "attackVector": "NETWORK",
          "availabilityImpact": "LOW",
          "baseScore": 5.3,
          "baseSeverity": "MEDIUM",
          "confidentialityImpact": "NONE",
          "integrityImpact": "NONE",
          "privilegesRequired": "NONE",
          "scope": "UNCHANGED",
          "userInteraction": "NONE",
          "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L",
          "version": "3.1"
        },
        "exploitabilityScore": 3.9,
        "impactScore": 1.4,
        "source": "nvd@nist.gov",
        "type": "Primary"
      }
    ]
  },
  "published": "2021-02-09T22:15:13.463",
  "references": [
    {
      "source": "security_alert@emc.com",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "https://www.dell.com/support/kbdoc/en-us/000182873/dsa-2021-009-dell-powerscale-onefs-security-update-for-multiple-vulnerabilities"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "https://www.dell.com/support/kbdoc/en-us/000182873/dsa-2021-009-dell-powerscale-onefs-security-update-for-multiple-vulnerabilities"
    }
  ],
  "sourceIdentifier": "security_alert@emc.com",
  "vulnStatus": "Modified",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-280"
        }
      ],
      "source": "security_alert@emc.com",
      "type": "Secondary"
    },
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-755"
        }
      ],
      "source": "nvd@nist.gov",
      "type": "Primary"
    }
  ]
}

Sightings

Author	Source	Type	Date

Nomenclature

Seen: The vulnerability was mentioned, discussed, or observed by the user.
Confirmed: The vulnerability has been validated from an analyst's perspective.
Published Proof of Concept: A public proof of concept is available for this vulnerability.
Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
Not confirmed: The user expressed doubt about the validity of the vulnerability.
Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.

Detection rules are retrieved from Rulezet.

Action not permitted

CVE-2020-26195 (GCVE-0-2020-26195)

CNVD-2021-13934

GHSA-55H2-P95W-Q7PV

VAR-202102-0304

GSD-2020-26195

FKIE_CVE-2020-26195

Tags

Sightings

Nomenclature