DSA-2020-018: Dell EMC Isilon OneFS Security Update for Improper Authorization Vulnerability
Impact
High
Details
Summary:
Dell EMC Isilon OneFS remediates a vulnerability in its non-RAN HTTP and web-based DAV (WebDAV) file-serving components that may potentially be exploited by attackers to compromise the affected system.
Improper Authorization Vulnerability
CVE-2020-5318
Dell EMC Isilon OneFS versions 8.1.2, 8.1.0.4, 8.1.0.3, and 8.0.0.7 contain a vulnerability in some configurations. An attacker may exploit this vulnerability to gain access to restricted files.
CVSS v3.1 Base Score: 7.5 High (AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N)
The non-RAN HTTP and WebDAV file-serving components have a vulnerability: when either component is enabled, and Basic Authentication is enabled for either or both components, files are accessible without authentication.
| Basic Authentication | HTTP and/or WebDAV | Vulnerability |
| --- | --- | --- |
| Enabled | Both are disabled | No impact. |
| Disabled | Either or both enabled | No impact, as there is no authentication in this configuration. |
| Enabled | Either or both enabled | This may impact the product if an affected version of OneFS is running. |
Affected Products & Remediation
Affected products:
Dell EMC Isilon OneFS 8.1.2
Dell EMC Isilon OneFS 8.1.0.4
Dell EMC Isilon OneFS 8.1.0.3
Dell EMC Isilon OneFS 8.0.0.7
Remediation:
For Dell EMC Isilon OneFS versions 8.2.0 and later, the security update is contained in the release.
For Dell EMC Isilon OneFS versions 8.1.0.4 and 8.1.2, the fix for this issue is included with the September 2019 Rollup Patch, as well as all future Rollup Patches. For more information and to obtain a Rollup patch, see the Current Isilon OneFS Patches document.
For Dell EMC Isilon OneFS version 8.0.0.7, it is recommended you upgrade to a newer version of OneFS.
To upgrade your Dell EMC Isilon OneFS system, contact Dell EMC Isilon OneFS Customer Support.