CVE-2020-5365 :: Enginsight Vulnerability Database

Provider	Type	Base Score	Atk. Vector	Atk. Complexity	Priv. Required	Vector
NIST	Primary	5.3 MEDIUM	NETWORK	LOW	NONE	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L
dell	CNA	5.3 MEDIUM	NETWORK	LOW	NONE	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L

Base Score

CVSS 3.x

EPSS Score

Percentile: 48%

Affected Products (NVD)

Vendor	Product	Version
dell	emc_isilon_onefs	𝑥 ≤ 8.2.2

𝑥

= Vulnerable software versions

Common Weakness Enumeration

CWE-341 - Predictable from Observable State
A number or object is predictable based on observations that the attacker can make about the state of the system or network, such as time, process ID, etc.
CWE-330 - Use of Insufficiently Random Values
The software uses insufficiently random numbers or values in a security context that depends on unpredictable numbers.

References

https://www.dell.com/support/security/en-us/details/543775/DSA-2020-124-Dell-EMC-Isilon-OneFS-Security-Update-for-Multiple-Vulnerabilities

https://www.dell.com/support/security/en-us/details/543775/DSA-2020-124-Dell-EMC-Isilon-OneFS-Security-Update-for-Multiple-Vulnerabilities