What is CVE-2020-5355?

CVE-2020-5355 is a medium-severity vulnerability in Dell Isilon Onefs, classified under Incorrect Default Permissions. CVSS score: 4.3/10. Published 2022-10-21.

How severe is CVE-2020-5355?

Medium severity. CVSS v3 base score is 4.3 out of 10.

Is CVE-2020-5355 known to be exploited?

1 public proof-of-concept repositories are indexed. Not currently listed in the CISA KEV catalog.

Vulnerability in Dell Isilon Onefs

CVE-2020-5355

The Dell Isilon OneFS versions 8.2.2 and earlier SSHD process improperly allows Transmission Control Protocol (TCP) and stream forwarding. This provides the remotesupport user and users with restricted shells more access than is intended.

EPSS: 0.002 (36.4th percentile) — read the EPSS interpretation.

CVSS v3 metric

CVSS v3 base score 4.3 (Medium). Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N.

Affected products

Dell Isilon Onefs — versions unspecified

Weakness classification (CWE)

CWE-276 — Incorrect Default Permissions

Public proof-of-concept exploits

Live-Hack-CVE/CVE-2020-5355

References

support.emc.com/kb/543561

Frequently asked questions

What is CVE-2020-5355?: CVE-2020-5355 is a medium-severity vulnerability in Dell Isilon Onefs, classified under Incorrect Default Permissions. CVSS score: 4.3/10. Published 2022-10-21.
How severe is CVE-2020-5355?: Medium severity. CVSS v3 base score is 4.3 out of 10.
Is CVE-2020-5355 known to be exploited?: 1 public proof-of-concept repositories are indexed. Not currently listed in the CISA KEV catalog.