Zero Day MonitorZDM

← Back to list

8.8

CVE-2020-5353PATCHED

dell · emc_isilon_onefs

The Dell Isilon OneFS versions 8.2.2 and earlier and Dell EMC PowerScale OneFS version 9.0.0 default configuration for Network File System (NFS) allows access to an 'admin' home directory. An attacker

Description

The Dell Isilon OneFS versions 8.2.2 and earlier and Dell EMC PowerScale OneFS version 9.0.0 default configuration for Network File System (NFS) allows access to an 'admin' home directory. An attacker may leverage a spoofed Unique Identifier (UID) over NFS to rewrite sensitive files to gain administrative access to the system.

Affected Products

Vendor	Product	Versions
dell	emc_isilon_onefs	<= 8.2.2

Also Affects

Downstream vendors/products affected by this vulnerability

Vendor	Product	Source	Confidence
dell	emc_powerscale_onefs	cve_cpe	95%
dell	dell emc isilon	cert_advisory	90%
dell	dell powerscale onefs	cert_advisory	90%

References

https://support.emc.com/kb/542721(Patch, Vendor Advisory)
https://support.emc.com/kb/542721(Patch, Vendor Advisory)

Related News (1 articles)

Tier B

BSI Advisories2h ago

[NEU] [hoch] Dell EMC Isilon und EMC PowerScale OneFS: Schwachstelle ermöglicht Umgehen von Sicherheitsvorkehrungen

→ No new info (linked only)

CVSS 3.18.8 HIGH

VectorCVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

EPSS0.00(Top 43%)

CISA KEV❌ No

Actively exploited❌ No

Patch available

https://support.emc.com/kb/542721

CWECWE-276, CWE-276

PublishedJul 29, 2021

Last enriched2h ago

Trending Score27

Source articles1

Independent1

Info Completeness10/14

Missing: kev, exploit, iocs, mitre_attack

Community Vote

0 upvotes0 downvotes

No votes yet

Related CVEs (5)

MEDIUMCVE-2026-27102

CVE-2026-27102: Dell PowerScale OneFS, versions 9.5.0.0 through 9.10.1.6 and versions 9.11.0.0 through 9.13.0.1, contains an incorrect p

MEDIUMCVE-2026-24511

CVE-2026-24511: Dell PowerScale OneFS, versions 9.5.0.0 through 9.10.1.6 and versions 9.11.0.0 through 9.13.0.0, contains a generation o

HIGHCVE-2026-28261

CVE-2026-28261: Dell Elastic Cloud Storage, version 3.8.1.7 and prior, and Dell ObjectScale, versions prior to 4.1.0.3 and version 4.2.0

HIGHCVE-2026-22768

CVE-2026-22768: Dell AppSync, version(s) 4.6.0, contain(s) an Incorrect Permission Assignment for Critical Resource vulnerability. A low

LOWCVE-2026-28264

CVE-2026-28264: Dell PowerProtect Agent Service, version(s) prior to 20.1, contain(s) an Incorrect Permission Assignment for Critical Re

Pin to Dashboard

Verification

State: verified

Confidence: 0%

Vulnerability Timeline

CVE Published

Jul 29, 2021

Patch Available

Nov 21, 2024

Discovered by ZDM

Apr 10, 2026