CVE-2020-5318

moderate-risk
Published 2020-02-06

Dell EMC Isilon OneFS versions 8.1.2, 8.1.0.4, 8.1.0.3, and 8.0.0.7 contain a vulnerability in some configurations. An attacker may exploit this vulnerability to gain access to restricted files. The non-RAN HTTP and WebDAV file-serving components have a vulnerability wherein when either are enabled, and Basic Authentication is enabled for either or both components, files are accessible without authentication.

Do I need to act?

-
0.31% chance of exploitation
EPSS score — low exploit probability
-
Not on CISA KEV list
No confirmed active exploitation reported to CISA
?
Patch status unknown
Check vendor advisories for fix availability and mitigation guidance
7
CVSS 7.5/10 High
NETWORK / LOW complexity

Affected Products (4)

Affected Vendors

Dell

References (2)

Vendor Advisory https://www.dell.com/support/security/en-us/details/540708/DSA-2020-018-Dell-EMC...
Vendor Advisory https://www.dell.com/support/security/en-us/details/540708/DSA-2020-018-Dell-EMC...
37
/ 100
moderate-risk
Severity 26/34 · High
Exploitability 1/34 · Minimal
Exposure 10/34 · Low