CVE-2020-5383 - OpenCVE

Dell EMC Isilon OneFS version 8.2.2 and Dell EMC PowerScale OneFS version 9.0.0 contains a buffer overflow vulnerability in the Likewise component. A remote unauthenticated malicious attacker may potentially exploit this vulnerability to cause a process restart.

No CVSS v4.0

Attack Vector Network

Attack Complexity Low

Privileges Required None

Scope Unchanged

Confidentiality Impact None

Integrity Impact None

Availability Impact Low

User Interaction None

No CVSS v3.0

Access Vector Network

Access Complexity Low

Authentication None

Confidentiality Impact None

Integrity Impact None

Availability Impact Partial

AV:N/AC:L/Au:N/C:N/I:N/A:P

This CVE is not in the KEV list.

Key SSVC decision points have not yet been added.

Vendors	Products
Dell	Emc Isilon Emc Powerscale Onefs

Configuration 1 [-]

OR	cpe:2.3:a:dell:emc_isilon:8.2.2:::::::*
	cpe:2.3:o:dell:emc_powerscale_onefs:9.0.0:::::::*

No data.

References

Link	Providers
https://www.dell.com/support/security/en-us/details/546005/DSA-2020-189-Dell-EMC-Isilon-OneFS-and-Dell-EMC-PowerScale-Security-Update-for-Buffer-Overflow-Vu

History

No history.

MITRE

Status: PUBLISHED

Assigner: dell

Published: 2020-08-27T18:25:11.098840Z

Updated: 2024-09-16T22:46:50.183Z

Reserved: 2020-01-03T00:00:00

Link: CVE-2020-5383

Vulnrichment

No data.

NVD

Status : Analyzed

Published: 2020-08-27T19:15:12.117

Modified: 2020-09-04T17:11:30.070

Link: CVE-2020-5383

Redhat

No data.

{"containers": {"cna": {"affected": [{"product": "Isilon OneFS", "vendor": "Dell", "versions": [{"lessThan": "9.0.0.0, 8.2.2", "status": "affected", "version": "unspecified", "versionType": "custom"}]}], "datePublic": "2020-08-24T00:00:00", "descriptions": [{"lang": "en", "value": "Dell EMC Isilon OneFS version 8.2.2 and Dell EMC PowerScale OneFS version 9.0.0 contains a buffer overflow vulnerability in the Likewise component. A remote unauthenticated malicious attacker may potentially exploit this vulnerability to cause a process restart."}], "metrics": [{"cvssV3_1": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "LOW", "baseScore": 5.3, "baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L", "version": "3.1"}}], "problemTypes": [{"descriptions": [{"cweId": "CWE-119", "description": "CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer", "lang": "en", "type": "CWE"}]}], "providerMetadata": {"dateUpdated": "2020-08-27T18:25:11", "orgId": "c550e75a-17ff-4988-97f0-544cde3820fe", "shortName": "dell"}, "references": [{"tags": ["x_refsource_MISC"], "url": "https://www.dell.com/support/security/en-us/details/546005/DSA-2020-189-Dell-EMC-Isilon-OneFS-and-Dell-EMC-PowerScale-Security-Update-for-Buffer-Overflow-Vu"}], "x_legacyV4Record": {"CVE_data_meta": {"ASSIGNER": "secure@dell.com", "DATE_PUBLIC": "2020-08-24", "ID": "CVE-2020-5383", "STATE": "PUBLIC"}, "affects": {"vendor": {"vendor_data": [{"product": {"product_data": [{"product_name": "Isilon OneFS", "version": {"version_data": [{"version_affected": "<", "version_value": "9.0.0.0, 8.2.2"}]}}]}, "vendor_name": "Dell"}]}}, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": {"description_data": [{"lang": "eng", "value": "Dell EMC Isilon OneFS version 8.2.2 and Dell EMC PowerScale OneFS version 9.0.0 contains a buffer overflow vulnerability in the Likewise component. A remote unauthenticated malicious attacker may potentially exploit this vulnerability to cause a process restart."}]}, "impact": {"cvss": {"baseScore": 5.3, "baseSeverity": "Medium", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L", "version": "3.1"}}, "problemtype": {"problemtype_data": [{"description": [{"lang": "eng", "value": "CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer"}]}]}, "references": {"reference_data": [{"name": "https://www.dell.com/support/security/en-us/details/546005/DSA-2020-189-Dell-EMC-Isilon-OneFS-and-Dell-EMC-PowerScale-Security-Update-for-Buffer-Overflow-Vu", "refsource": "MISC", "url": "https://www.dell.com/support/security/en-us/details/546005/DSA-2020-189-Dell-EMC-Isilon-OneFS-and-Dell-EMC-PowerScale-Security-Update-for-Buffer-Overflow-Vu"}]}}}, "adp": [{"providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-04T08:30:23.957Z"}, "title": "CVE Program Container", "references": [{"tags": ["x_refsource_MISC", "x_transferred"], "url": "https://www.dell.com/support/security/en-us/details/546005/DSA-2020-189-Dell-EMC-Isilon-OneFS-and-Dell-EMC-PowerScale-Security-Update-for-Buffer-Overflow-Vu"}]}]}, "cveMetadata": {"assignerOrgId": "c550e75a-17ff-4988-97f0-544cde3820fe", "assignerShortName": "dell", "cveId": "CVE-2020-5383", "datePublished": "2020-08-27T18:25:11.098840Z", "dateReserved": "2020-01-03T00:00:00", "dateUpdated": "2024-09-16T22:46:50.183Z", "state": "PUBLISHED"}, "dataType": "CVE_RECORD", "dataVersion": "5.1"}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:dell:emc_isilon:8.2.2:*:*:*:*:*:*:*", "matchCriteriaId": "FACBF3CA-AE51-4F29-85B0-0005D6A31B4D", "vulnerable": true}, {"criteria": "cpe:2.3:o:dell:emc_powerscale_onefs:9.0.0:*:*:*:*:*:*:*", "matchCriteriaId": "5422D856-00B1-47FA-8D62-9B464A43BAC9", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "cveTags": [], "descriptions": [{"lang": "en", "value": "Dell EMC Isilon OneFS version 8.2.2 and Dell EMC PowerScale OneFS version 9.0.0 contains a buffer overflow vulnerability in the Likewise component. A remote unauthenticated malicious attacker may potentially exploit this vulnerability to cause a process restart."}, {"lang": "es", "value": "Dell EMC Isilon OneFS versi\u00f3n 8.2.2 y Dell EMC PowerScale OneFS versi\u00f3n 9.0.0, contienen una vulnerabilidad de desbordamiento del b\u00fafer en el componente Likewise. Un atacante malicioso remoto no autenticado podr\u00eda explotar esta vulnerabilidad para causar el reinicio del proceso"}], "id": "CVE-2020-5383", "lastModified": "2020-09-04T17:11:30.070", "metrics": {"cvssMetricV2": [{"acInsufInfo": false, "baseSeverity": "MEDIUM", "cvssData": {"accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "PARTIAL", "baseScore": 5.0, "confidentialityImpact": "NONE", "integrityImpact": "NONE", "vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:P", "version": "2.0"}, "exploitabilityScore": 10.0, "impactScore": 2.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false}], "cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "LOW", "baseScore": 5.3, "baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L", "version": "3.1"}, "exploitabilityScore": 3.9, "impactScore": 1.4, "source": "nvd@nist.gov", "type": "Primary"}, {"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "LOW", "baseScore": 5.3, "baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L", "version": "3.1"}, "exploitabilityScore": 3.9, "impactScore": 1.4, "source": "security_alert@emc.com", "type": "Secondary"}]}, "published": "2020-08-27T19:15:12.117", "references": [{"source": "security_alert@emc.com", "tags": ["Vendor Advisory"], "url": "https://www.dell.com/support/security/en-us/details/546005/DSA-2020-189-Dell-EMC-Isilon-OneFS-and-Dell-EMC-PowerScale-Security-Update-for-Buffer-Overflow-Vu"}], "sourceIdentifier": "security_alert@emc.com", "vulnStatus": "Analyzed", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-119"}], "source": "nvd@nist.gov", "type": "Primary"}, {"description": [{"lang": "en", "value": "CWE-119"}], "source": "security_alert@emc.com", "type": "Secondary"}]}