From 0f6d7fa8388d1203f70b9fe0a2e97fe3fa96a817 Mon Sep 17 00:00:00 2001
From: DellEMCProductSecurity
Date: Wed, 20 May 2020 16:39:05 -0400
Subject: [PATCH] Added CVE-2020-5364,5365
---
 2020/5xxx/CVE-2020-5364.json | 71 +++++++++++++++++++++++++++++++-----
 2020/5xxx/CVE-2020-5365.json | 71 +++++++++++++++++++++++++++++++-----
 2 files changed, 124 insertions(+), 18 deletions(-)
diff --git a/2020/5xxx/CVE-2020-5364.json b/2020/5xxx/CVE-2020-5364.json
index 45cd1cef669..3d51ac560f8 100644
--- a/2020/5xxx/CVE-2020-5364.json
+++ b/2020/5xxx/CVE-2020-5364.json
@@ -1,17 +1,70 @@
 {
- "data_type": "CVE",
- "data_format": "MITRE",
- "data_version": "4.0",
 "CVE_data_meta": {
- "ID": "CVE-2020-5364",
- "ASSIGNER": "cve@mitre.org",
- "STATE": "RESERVED"
- },
+ "ASSIGNER": "secure@dell.com",
+ "DATE_PUBLIC": "2020-05-15",
+ "ID": "CVE-2020-5364",
+ "STATE": "PUBLIC"
+ },
+ "affects": {
+ "vendor": {
+ "vendor_data": [
+ {
+ "product": {
+ "product_data": [
+ {
+ "product_name": "Isilon OneFS",
+ "version": {
+ "version_data": [
+ {
+ "version_affected": "<",
+ "version_value": "8.2.2"
+ }
+ ]
+ }
+ }
+ ]
+ },
+ "vendor_name": "Dell"
+ }
+ ]
+ }
+ },
+ "data_format": "MITRE",
+ "data_type": "CVE",
+ "data_version": "4.0",
 "description": {
 "description_data": [
 {
- "lang": "eng",
- "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ "lang": "eng",
+ "value": "Dell EMC Isilon OneFS versions 8.2.2 and earlier contain an SNMPv2 vulnerability. The SNMPv2 services is enabled, by default, with a pre-configured community string. This community string allows read-only access to many aspects of the Isilon cluster, some of which are considered sensitive and can foster additional access."
+ }
+ ]
+ },
+ "impact": {
+ "cvss": {
+ "baseScore": 5.3,
+ "baseSeverity": "Medium",
+ "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L",
+ "version": "3.1"
+ }
+ },
+ "problemtype": {
+ "problemtype_data": [
+ {
+ "description": [
+ {
+ "lang": "eng",
+ "value": "CWE-201: Exposure of Sensitive Information Through Sent Data"
+ }
+ ]
+ }
+ ]
+ },
+ "references": {
+ "reference_data": [
+ {
+ "refsource": "CONFIRM",
+ "url": "https://www.dell.com/support/security/en-us/details/543775/DSA-2020-124-Dell-EMC-Isilon-OneFS-Security-Update-for-Multiple-Vulnerabilities"
 }
 ]
 }
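Review bot: The `impact.cvss` vector rates confidentiality as none and availability as low (`C:N/I:N/A:L`), yet the description and the CWE-201 problem type both describe read-only disclosure of sensitive cluster data; if disclosure is the intended impact, `"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N"` expresses it and keeps the 5.3 base score. The structured range is also narrower than the prose: `"version_affected": "<"` with `"version_value": "8.2.2"` excludes 8.2.2 itself while the description says "8.2.2 and earlier", so tooling that matches on `affects` would report 8.2.2 as not affected; `"version_affected": "<="` agrees with the text. `baseSeverity` is an upper-case enum in the CVSS v3.x JSON schema, so `"baseSeverity": "MEDIUM"` is the safer spelling for validators. The same vector, operator and severity casing recur in the CVE-2020-5365.json hunk, where an availability-only impact is similarly hard to square with a predictable account password.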
diff --git a/2020/5xxx/CVE-2020-5365.json b/2020/5xxx/CVE-2020-5365.json
index 3476f9d9d30..fa2623e2f56 100644
--- a/2020/5xxx/CVE-2020-5365.json
+++ b/2020/5xxx/CVE-2020-5365.json
@@ -1,17 +1,70 @@
 {
- "data_type": "CVE",
- "data_format": "MITRE",
- "data_version": "4.0",
 "CVE_data_meta": {
- "ID": "CVE-2020-5365",
- "ASSIGNER": "cve@mitre.org",
- "STATE": "RESERVED"
- },
+ "ASSIGNER": "secure@dell.com",
+ "DATE_PUBLIC": "2020-05-15",
+ "ID": "CVE-2020-5365",
+ "STATE": "PUBLIC"
+ },
+ "affects": {
+ "vendor": {
+ "vendor_data": [
+ {
+ "product": {
+ "product_data": [
+ {
+ "product_name": "Isilon OneFS",
+ "version": {
+ "version_data": [
+ {
+ "version_affected": "<",
+ "version_value": "8.2.2"
+ }
+ ]
+ }
+ }
+ ]
+ },
+ "vendor_name": "Dell"
+ }
+ ]
+ }
+ },
+ "data_format": "MITRE",
+ "data_type": "CVE",
+ "data_version": "4.0",
 "description": {
 "description_data": [
 {
- "lang": "eng",
- "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ "lang": "eng",
+ "value": "Dell EMC Isilon versions 8.2.2 and earlier contain a remotesupport vulnerability. The pre-configured support account, remotesupport, is bundled in the Dell EMC Isilon OneFS installation. This account is used for diagnostics and other support functions. Although the default password is different for every cluster, it is predictable."
+ }
+ ]
+ },
+ "impact": {
+ "cvss": {
+ "baseScore": 5.3,
+ "baseSeverity": "Medium",
+ "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L",
+ "version": "3.1"
+ }
+ },
+ "problemtype": {
+ "problemtype_data": [
+ {
+ "description": [
+ {
+ "lang": "eng",
+ "value": "CWE-341: Predictable from Observable State"
+ }
+ ]
+ }
+ ]
+ },
+ "references": {
+ "reference_data": [
+ {
+ "refsource": "CONFIRM",
+ "url": "https://www.dell.com/support/security/en-us/details/543775/DSA-2020-124-Dell-EMC-Isilon-OneFS-Security-Update-for-Multiple-Vulnerabilities"
 }
 ]
 }
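Review bot: The description opens with "Dell EMC Isilon versions 8.2.2 and earlier" while `product_name` in this record and the prose of the CVE-2020-5364 record both say "Isilon OneFS"; using the same product name in the text (`Dell EMC Isilon OneFS versions 8.2.2 and earlier contain ...`) keeps advisory-to-inventory matching unambiguous. The text also leaves out what an operator needs to judge exposure: whether the remotesupport account is enabled by default, over which interface it can log in, and what privileges it holds. One sentence on those conditions and on the remediation, taken from the referenced DSA-2020-124 advisory, would make the record usable for triage without following the link.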