Vulnerabilites related to emc - isilon_onefs
CVE-2016-0907 (GCVE-0-2016-0907)
Vulnerability from cvelistv5
Published
2016-05-30 01:00
Modified
2024-08-05 22:38
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- n/a
Summary
EMC Isilon OneFS 7.1.x and 7.2.x before 7.2.1.3 and 8.0.x before 8.0.0.1, and IsilonSD Edge OneFS 8.0.x before 8.0.0.1, does not require SMB signing within a DCERPC session over ncacn_np, which allows man-in-the-middle attackers to spoof SMB clients by modifying the client-server data stream, a similar issue to CVE-2016-2115.
References
| ► | URL | Tags | |||
|---|---|---|---|---|---|
|
|||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-05T22:38:40.520Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "20160526 ESA-2016-061: EMC Isilon OneFS SMB Signing Vulnerability",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ",
"x_transferred"
],
"url": "http://seclists.org/bugtraq/2016/May/117"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2016-05-26T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "EMC Isilon OneFS 7.1.x and 7.2.x before 7.2.1.3 and 8.0.x before 8.0.0.1, and IsilonSD Edge OneFS 8.0.x before 8.0.0.1, does not require SMB signing within a DCERPC session over ncacn_np, which allows man-in-the-middle attackers to spoof SMB clients by modifying the client-server data stream, a similar issue to CVE-2016-2115."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2017-01-09T16:57:01",
"orgId": "c550e75a-17ff-4988-97f0-544cde3820fe",
"shortName": "dell"
},
"references": [
{
"name": "20160526 ESA-2016-061: EMC Isilon OneFS SMB Signing Vulnerability",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ"
],
"url": "http://seclists.org/bugtraq/2016/May/117"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "security_alert@emc.com",
"ID": "CVE-2016-0907",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "EMC Isilon OneFS 7.1.x and 7.2.x before 7.2.1.3 and 8.0.x before 8.0.0.1, and IsilonSD Edge OneFS 8.0.x before 8.0.0.1, does not require SMB signing within a DCERPC session over ncacn_np, which allows man-in-the-middle attackers to spoof SMB clients by modifying the client-server data stream, a similar issue to CVE-2016-2115."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "20160526 ESA-2016-061: EMC Isilon OneFS SMB Signing Vulnerability",
"refsource": "BUGTRAQ",
"url": "http://seclists.org/bugtraq/2016/May/117"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "c550e75a-17ff-4988-97f0-544cde3820fe",
"assignerShortName": "dell",
"cveId": "CVE-2016-0907",
"datePublished": "2016-05-30T01:00:00",
"dateReserved": "2015-12-17T00:00:00",
"dateUpdated": "2024-08-05T22:38:40.520Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2015-4525 (GCVE-0-2015-4525)
Vulnerability from cvelistv5
Published
2015-07-04 10:00
Modified
2024-08-06 06:18
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- n/a
Summary
The log-gather implementation in the web administration interface in EMC Isilon OneFS 6.5.x.x through 7.1.1.x before 7.1.1.5 and 7.2.0.x before 7.2.0.2 allows remote authenticated users to execute arbitrary commands with root privileges via unspecified vectors.
References
| ► | URL | Tags | |||
|---|---|---|---|---|---|
|
|||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-06T06:18:11.923Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "20150701 ESA-2015-112: EMC Isilon OneFS Command Injection Vulnerability",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ",
"x_transferred"
],
"url": "http://seclists.org/bugtraq/2015/Jul/11"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2015-07-01T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "The log-gather implementation in the web administration interface in EMC Isilon OneFS 6.5.x.x through 7.1.1.x before 7.1.1.5 and 7.2.0.x before 7.2.0.2 allows remote authenticated users to execute arbitrary commands with root privileges via unspecified vectors."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2015-07-04T10:57:01",
"orgId": "c550e75a-17ff-4988-97f0-544cde3820fe",
"shortName": "dell"
},
"references": [
{
"name": "20150701 ESA-2015-112: EMC Isilon OneFS Command Injection Vulnerability",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ"
],
"url": "http://seclists.org/bugtraq/2015/Jul/11"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "security_alert@emc.com",
"ID": "CVE-2015-4525",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "The log-gather implementation in the web administration interface in EMC Isilon OneFS 6.5.x.x through 7.1.1.x before 7.1.1.5 and 7.2.0.x before 7.2.0.2 allows remote authenticated users to execute arbitrary commands with root privileges via unspecified vectors."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "20150701 ESA-2015-112: EMC Isilon OneFS Command Injection Vulnerability",
"refsource": "BUGTRAQ",
"url": "http://seclists.org/bugtraq/2015/Jul/11"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "c550e75a-17ff-4988-97f0-544cde3820fe",
"assignerShortName": "dell",
"cveId": "CVE-2015-4525",
"datePublished": "2015-07-04T10:00:00",
"dateReserved": "2015-06-11T00:00:00",
"dateUpdated": "2024-08-06T06:18:11.923Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2016-9870 (GCVE-0-2016-9870)
Vulnerability from cvelistv5
Published
2017-01-23 06:49
Modified
2024-08-06 03:07
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- LDAP Injection
Summary
EMC Isilon OneFS 8.0.0.0, EMC Isilon OneFS 7.2.1.0 - 7.2.1.2, EMC Isilon OneFS 7.2.0.x, EMC Isilon OneFS 7.1.1.0 - 7.1.1.10, and EMC Isilon OneFS 7.1.0.x is affected by an LDAP injection vulnerability that could potentially be exploited by a malicious user to compromise the system.
References
| ► | URL | Tags | ||||||
|---|---|---|---|---|---|---|---|---|
|
||||||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| n/a | EMC Isilon OneFS |
Version: EMC Isilon OneFS |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-06T03:07:30.140Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://www.securityfocus.com/archive/1/540020/30/0/threaded"
},
{
"name": "95626",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/95626"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "EMC Isilon OneFS",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "EMC Isilon OneFS"
}
]
}
],
"datePublic": "2017-01-22T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "EMC Isilon OneFS 8.0.0.0, EMC Isilon OneFS 7.2.1.0 - 7.2.1.2, EMC Isilon OneFS 7.2.0.x, EMC Isilon OneFS 7.1.1.0 - 7.1.1.10, and EMC Isilon OneFS 7.1.0.x is affected by an LDAP injection vulnerability that could potentially be exploited by a malicious user to compromise the system."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "LDAP Injection",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2017-01-23T10:57:01",
"orgId": "c550e75a-17ff-4988-97f0-544cde3820fe",
"shortName": "dell"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://www.securityfocus.com/archive/1/540020/30/0/threaded"
},
{
"name": "95626",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/95626"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "security_alert@emc.com",
"ID": "CVE-2016-9870",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "EMC Isilon OneFS",
"version": {
"version_data": [
{
"version_value": "EMC Isilon OneFS"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "EMC Isilon OneFS 8.0.0.0, EMC Isilon OneFS 7.2.1.0 - 7.2.1.2, EMC Isilon OneFS 7.2.0.x, EMC Isilon OneFS 7.1.1.0 - 7.1.1.10, and EMC Isilon OneFS 7.1.0.x is affected by an LDAP injection vulnerability that could potentially be exploited by a malicious user to compromise the system."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "LDAP Injection"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "http://www.securityfocus.com/archive/1/540020/30/0/threaded",
"refsource": "CONFIRM",
"url": "http://www.securityfocus.com/archive/1/540020/30/0/threaded"
},
{
"name": "95626",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/95626"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "c550e75a-17ff-4988-97f0-544cde3820fe",
"assignerShortName": "dell",
"cveId": "CVE-2016-9870",
"datePublished": "2017-01-23T06:49:00",
"dateReserved": "2016-12-06T00:00:00",
"dateUpdated": "2024-08-06T03:07:30.140Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2017-4979 (GCVE-0-2017-4979)
Vulnerability from cvelistv5
Published
2017-05-19 15:00
Modified
2024-08-05 14:47
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- NFS Export Upgrade Vulnerability
Summary
EMC Isilon OneFS 8.0.1.0, OneFS 8.0.0.0 - 8.0.0.2, OneFS 7.2.1.0 - 7.2.1.3, and OneFS 7.2.0.x is affected by an NFS export vulnerability. Under certain conditions, after upgrading a cluster from OneFS 7.1.1.x or earlier, users may have unexpected levels of access to some NFS exports.
References
| ► | URL | Tags | |||
|---|---|---|---|---|---|
|
|||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| n/a | EMC Isilon OneFS OneFS 8.0.1.0, OneFS 8.0.0.0 8.0.0.2, OneFS 7.2.1.0 - 7.2.1.3, OneFS 7.2.0.x |
Version: EMC Isilon OneFS OneFS 8.0.1.0, OneFS 8.0.0.0 8.0.0.2, OneFS 7.2.1.0 - 7.2.1.3, OneFS 7.2.0.x |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-05T14:47:44.041Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://www.securityfocus.com/archive/1/540551/30/0/threaded"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "EMC Isilon OneFS OneFS 8.0.1.0, OneFS 8.0.0.0 8.0.0.2, OneFS 7.2.1.0 - 7.2.1.3, OneFS 7.2.0.x",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "EMC Isilon OneFS OneFS 8.0.1.0, OneFS 8.0.0.0 8.0.0.2, OneFS 7.2.1.0 - 7.2.1.3, OneFS 7.2.0.x"
}
]
}
],
"datePublic": "2017-05-19T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "EMC Isilon OneFS 8.0.1.0, OneFS 8.0.0.0 - 8.0.0.2, OneFS 7.2.1.0 - 7.2.1.3, and OneFS 7.2.0.x is affected by an NFS export vulnerability. Under certain conditions, after upgrading a cluster from OneFS 7.1.1.x or earlier, users may have unexpected levels of access to some NFS exports."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "NFS Export Upgrade Vulnerability",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2017-05-19T14:57:01",
"orgId": "c550e75a-17ff-4988-97f0-544cde3820fe",
"shortName": "dell"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://www.securityfocus.com/archive/1/540551/30/0/threaded"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "security_alert@emc.com",
"ID": "CVE-2017-4979",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "EMC Isilon OneFS OneFS 8.0.1.0, OneFS 8.0.0.0 8.0.0.2, OneFS 7.2.1.0 - 7.2.1.3, OneFS 7.2.0.x",
"version": {
"version_data": [
{
"version_value": "EMC Isilon OneFS OneFS 8.0.1.0, OneFS 8.0.0.0 8.0.0.2, OneFS 7.2.1.0 - 7.2.1.3, OneFS 7.2.0.x"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "EMC Isilon OneFS 8.0.1.0, OneFS 8.0.0.0 - 8.0.0.2, OneFS 7.2.1.0 - 7.2.1.3, and OneFS 7.2.0.x is affected by an NFS export vulnerability. Under certain conditions, after upgrading a cluster from OneFS 7.1.1.x or earlier, users may have unexpected levels of access to some NFS exports."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "NFS Export Upgrade Vulnerability"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "http://www.securityfocus.com/archive/1/540551/30/0/threaded",
"refsource": "CONFIRM",
"url": "http://www.securityfocus.com/archive/1/540551/30/0/threaded"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "c550e75a-17ff-4988-97f0-544cde3820fe",
"assignerShortName": "dell",
"cveId": "CVE-2017-4979",
"datePublished": "2017-05-19T15:00:00",
"dateReserved": "2016-12-29T00:00:00",
"dateUpdated": "2024-08-05T14:47:44.041Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2017-4988 (GCVE-0-2017-4988)
Vulnerability from cvelistv5
Published
2017-06-21 20:00
Modified
2024-08-05 14:47
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- Privilege Escalation Vulnerability
Summary
EMC Isilon OneFS 8.0.1.0, 8.0.0 - 8.0.0.3, 7.2.0 - 7.2.1.4, 7.1.x is affected by a privilege escalation vulnerability that could potentially be exploited by attackers to compromise the affected system.
References
| ► | URL | Tags | ||||||
|---|---|---|---|---|---|---|---|---|
|
||||||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| n/a | EMC Isilon OneFS 8.0.1.0, 8.0.0 8.0.0.3, 7.2.0 - 7.2.1.4, 7.1.x |
Version: EMC Isilon OneFS 8.0.1.0, 8.0.0 8.0.0.3, 7.2.0 - 7.2.1.4, 7.1.x |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-05T14:47:44.082Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "99165",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/99165"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://www.securityfocus.com/archive/1/540755/30/0/threaded"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "EMC Isilon OneFS 8.0.1.0, 8.0.0 8.0.0.3, 7.2.0 - 7.2.1.4, 7.1.x",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "EMC Isilon OneFS 8.0.1.0, 8.0.0 8.0.0.3, 7.2.0 - 7.2.1.4, 7.1.x"
}
]
}
],
"datePublic": "2017-06-21T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "EMC Isilon OneFS 8.0.1.0, 8.0.0 - 8.0.0.3, 7.2.0 - 7.2.1.4, 7.1.x is affected by a privilege escalation vulnerability that could potentially be exploited by attackers to compromise the affected system."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "Privilege Escalation Vulnerability",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2017-06-22T09:57:01",
"orgId": "c550e75a-17ff-4988-97f0-544cde3820fe",
"shortName": "dell"
},
"references": [
{
"name": "99165",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/99165"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://www.securityfocus.com/archive/1/540755/30/0/threaded"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "security_alert@emc.com",
"ID": "CVE-2017-4988",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "EMC Isilon OneFS 8.0.1.0, 8.0.0 8.0.0.3, 7.2.0 - 7.2.1.4, 7.1.x",
"version": {
"version_data": [
{
"version_value": "EMC Isilon OneFS 8.0.1.0, 8.0.0 8.0.0.3, 7.2.0 - 7.2.1.4, 7.1.x"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "EMC Isilon OneFS 8.0.1.0, 8.0.0 - 8.0.0.3, 7.2.0 - 7.2.1.4, 7.1.x is affected by a privilege escalation vulnerability that could potentially be exploited by attackers to compromise the affected system."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Privilege Escalation Vulnerability"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "99165",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/99165"
},
{
"name": "http://www.securityfocus.com/archive/1/540755/30/0/threaded",
"refsource": "CONFIRM",
"url": "http://www.securityfocus.com/archive/1/540755/30/0/threaded"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "c550e75a-17ff-4988-97f0-544cde3820fe",
"assignerShortName": "dell",
"cveId": "CVE-2017-4988",
"datePublished": "2017-06-21T20:00:00",
"dateReserved": "2016-12-29T00:00:00",
"dateUpdated": "2024-08-05T14:47:44.082Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2017-14387 (GCVE-0-2017-14387)
Vulnerability from cvelistv5
Published
2017-12-20 23:00
Modified
2024-08-05 19:27
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- NFS Export Security Setting Fallback Vulnerability
Summary
The NFS service in EMC Isilon OneFS 8.1.0.0, 8.0.1.0 - 8.0.1.1, and 8.0.0.0 - 8.0.0.4 maintains default NFS export settings (including the NFS export security flavor for authentication) that can be leveraged by current and future NFS exports. This NFS service contained a flaw that did not properly propagate changes made to the default security flavor to all new and existing NFS exports that are configured to use default NFS export settings and that are mounted after those changes are made. This flaw may potentially allow NFS clients to access affected NFS exports using the default and potentially weaker security flavor even if a more secure one was selected to be used by the OneFS administrator, aka an "NFS Export Security Setting Fallback Vulnerability."
References
| ► | URL | Tags | ||||||
|---|---|---|---|---|---|---|---|---|
|
||||||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| n/a | EMC Isilon OneFS EMC Isilon OneFS 8.1.0.0, EMC Isilon OneFS 8.0.1.0 -- 8.0.1.1, EMC Isilon OneFS 8.0.0.0 8.0.0.4 |
Version: EMC Isilon OneFS EMC Isilon OneFS 8.1.0.0, EMC Isilon OneFS 8.0.1.0 -- 8.0.1.1, EMC Isilon OneFS 8.0.0.0 8.0.0.4 |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-05T19:27:40.832Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://seclists.org/fulldisclosure/2017/Dec/78"
},
{
"name": "102292",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/102292"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "EMC Isilon OneFS EMC Isilon OneFS 8.1.0.0, EMC Isilon OneFS 8.0.1.0 -- 8.0.1.1, EMC Isilon OneFS 8.0.0.0 8.0.0.4",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "EMC Isilon OneFS EMC Isilon OneFS 8.1.0.0, EMC Isilon OneFS 8.0.1.0 -- 8.0.1.1, EMC Isilon OneFS 8.0.0.0 8.0.0.4"
}
]
}
],
"datePublic": "2017-12-20T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "The NFS service in EMC Isilon OneFS 8.1.0.0, 8.0.1.0 - 8.0.1.1, and 8.0.0.0 - 8.0.0.4 maintains default NFS export settings (including the NFS export security flavor for authentication) that can be leveraged by current and future NFS exports. This NFS service contained a flaw that did not properly propagate changes made to the default security flavor to all new and existing NFS exports that are configured to use default NFS export settings and that are mounted after those changes are made. This flaw may potentially allow NFS clients to access affected NFS exports using the default and potentially weaker security flavor even if a more secure one was selected to be used by the OneFS administrator, aka an \"NFS Export Security Setting Fallback Vulnerability.\""
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "NFS Export Security Setting Fallback Vulnerability",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2017-12-29T10:57:01",
"orgId": "c550e75a-17ff-4988-97f0-544cde3820fe",
"shortName": "dell"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://seclists.org/fulldisclosure/2017/Dec/78"
},
{
"name": "102292",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/102292"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "security_alert@emc.com",
"ID": "CVE-2017-14387",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "EMC Isilon OneFS EMC Isilon OneFS 8.1.0.0, EMC Isilon OneFS 8.0.1.0 -- 8.0.1.1, EMC Isilon OneFS 8.0.0.0 8.0.0.4",
"version": {
"version_data": [
{
"version_value": "EMC Isilon OneFS EMC Isilon OneFS 8.1.0.0, EMC Isilon OneFS 8.0.1.0 -- 8.0.1.1, EMC Isilon OneFS 8.0.0.0 8.0.0.4"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "The NFS service in EMC Isilon OneFS 8.1.0.0, 8.0.1.0 - 8.0.1.1, and 8.0.0.0 - 8.0.0.4 maintains default NFS export settings (including the NFS export security flavor for authentication) that can be leveraged by current and future NFS exports. This NFS service contained a flaw that did not properly propagate changes made to the default security flavor to all new and existing NFS exports that are configured to use default NFS export settings and that are mounted after those changes are made. This flaw may potentially allow NFS clients to access affected NFS exports using the default and potentially weaker security flavor even if a more secure one was selected to be used by the OneFS administrator, aka an \"NFS Export Security Setting Fallback Vulnerability.\""
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "NFS Export Security Setting Fallback Vulnerability"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "http://seclists.org/fulldisclosure/2017/Dec/78",
"refsource": "CONFIRM",
"url": "http://seclists.org/fulldisclosure/2017/Dec/78"
},
{
"name": "102292",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/102292"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "c550e75a-17ff-4988-97f0-544cde3820fe",
"assignerShortName": "dell",
"cveId": "CVE-2017-14387",
"datePublished": "2017-12-20T23:00:00",
"dateReserved": "2017-09-12T00:00:00",
"dateUpdated": "2024-08-05T19:27:40.832Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2017-4980 (GCVE-0-2017-4980)
Vulnerability from cvelistv5
Published
2017-03-29 21:00
Modified
2024-08-05 14:47
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- Path Traversal Vulnerability
Summary
EMC Isilon OneFS is affected by a path traversal vulnerability that may potentially be exploited by attackers to compromise the affected system. Affected versions are 7.1.0 - 7.1.1.10, 7.2.0 - 7.2.1.3, and 8.0.0 - 8.0.0.1.
References
| ► | URL | Tags | ||||||
|---|---|---|---|---|---|---|---|---|
|
||||||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| n/a | EMC Isilon OneFS EMC Isilon OneFS 8.0.0 8.0.0.1, EMC Isilon OneFS 7.2.0 - 7.2.1.3, EMC Isilon OneFS 7.1.0 - 7.1.1.10 |
Version: EMC Isilon OneFS EMC Isilon OneFS 8.0.0 8.0.0.1, EMC Isilon OneFS 7.2.0 - 7.2.1.3, EMC Isilon OneFS 7.1.0 - 7.1.1.10 |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-05T14:47:43.817Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "97222",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/97222"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://www.securityfocus.com/archive/1/540338/30/0/threaded"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "EMC Isilon OneFS EMC Isilon OneFS 8.0.0 8.0.0.1, EMC Isilon OneFS 7.2.0 - 7.2.1.3, EMC Isilon OneFS 7.1.0 - 7.1.1.10",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "EMC Isilon OneFS EMC Isilon OneFS 8.0.0 8.0.0.1, EMC Isilon OneFS 7.2.0 - 7.2.1.3, EMC Isilon OneFS 7.1.0 - 7.1.1.10"
}
]
}
],
"datePublic": "2017-03-29T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "EMC Isilon OneFS is affected by a path traversal vulnerability that may potentially be exploited by attackers to compromise the affected system. Affected versions are 7.1.0 - 7.1.1.10, 7.2.0 - 7.2.1.3, and 8.0.0 - 8.0.0.1."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "Path Traversal Vulnerability",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2017-03-31T09:57:02",
"orgId": "c550e75a-17ff-4988-97f0-544cde3820fe",
"shortName": "dell"
},
"references": [
{
"name": "97222",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/97222"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://www.securityfocus.com/archive/1/540338/30/0/threaded"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "security_alert@emc.com",
"ID": "CVE-2017-4980",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "EMC Isilon OneFS EMC Isilon OneFS 8.0.0 8.0.0.1, EMC Isilon OneFS 7.2.0 - 7.2.1.3, EMC Isilon OneFS 7.1.0 - 7.1.1.10",
"version": {
"version_data": [
{
"version_value": "EMC Isilon OneFS EMC Isilon OneFS 8.0.0 8.0.0.1, EMC Isilon OneFS 7.2.0 - 7.2.1.3, EMC Isilon OneFS 7.1.0 - 7.1.1.10"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "EMC Isilon OneFS is affected by a path traversal vulnerability that may potentially be exploited by attackers to compromise the affected system. Affected versions are 7.1.0 - 7.1.1.10, 7.2.0 - 7.2.1.3, and 8.0.0 - 8.0.0.1."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Path Traversal Vulnerability"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "97222",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/97222"
},
{
"name": "http://www.securityfocus.com/archive/1/540338/30/0/threaded",
"refsource": "CONFIRM",
"url": "http://www.securityfocus.com/archive/1/540338/30/0/threaded"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "c550e75a-17ff-4988-97f0-544cde3820fe",
"assignerShortName": "dell",
"cveId": "CVE-2017-4980",
"datePublished": "2017-03-29T21:00:00",
"dateReserved": "2016-12-29T00:00:00",
"dateUpdated": "2024-08-05T14:47:43.817Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2016-9871 (GCVE-0-2016-9871)
Vulnerability from cvelistv5
Published
2017-02-03 07:24
Modified
2024-08-06 03:07
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- Privilege Escalation Vulnerability
Summary
EMC Isilon OneFS 7.2.1.0 - 7.2.1.3, EMC Isilon OneFS 7.2.0.x, EMC Isilon OneFS 7.1.1.0 - 7.1.1.10, EMC Isilon OneFS 7.1.0.x is affected by a privilege escalation vulnerability that could potentially be exploited by attackers to compromise the affected system.
References
| ► | URL | Tags | ||||||
|---|---|---|---|---|---|---|---|---|
|
||||||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| n/a | EMC Isilon OneFS EMC Isilon OneFS 7.2.1.0 7.2.1.3, EMC Isilon OneFS 7.2.0.x, EMC Isilon OneFS 7.1.1.0 - 7.1.1.10, EMC Isilon OneFS 7.1.0.x |
Version: EMC Isilon OneFS EMC Isilon OneFS 7.2.1.0 7.2.1.3, EMC Isilon OneFS 7.2.0.x, EMC Isilon OneFS 7.1.1.0 - 7.1.1.10, EMC Isilon OneFS 7.1.0.x |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-06T03:07:30.796Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "95800",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/95800"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://www.securityfocus.com/archive/1/540050/30/0/threaded"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "EMC Isilon OneFS EMC Isilon OneFS 7.2.1.0 7.2.1.3, EMC Isilon OneFS 7.2.0.x, EMC Isilon OneFS 7.1.1.0 - 7.1.1.10, EMC Isilon OneFS 7.1.0.x",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "EMC Isilon OneFS EMC Isilon OneFS 7.2.1.0 7.2.1.3, EMC Isilon OneFS 7.2.0.x, EMC Isilon OneFS 7.1.1.0 - 7.1.1.10, EMC Isilon OneFS 7.1.0.x"
}
]
}
],
"datePublic": "2017-02-03T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "EMC Isilon OneFS 7.2.1.0 - 7.2.1.3, EMC Isilon OneFS 7.2.0.x, EMC Isilon OneFS 7.1.1.0 - 7.1.1.10, EMC Isilon OneFS 7.1.0.x is affected by a privilege escalation vulnerability that could potentially be exploited by attackers to compromise the affected system."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "Privilege Escalation Vulnerability",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2017-02-03T10:57:01",
"orgId": "c550e75a-17ff-4988-97f0-544cde3820fe",
"shortName": "dell"
},
"references": [
{
"name": "95800",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/95800"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://www.securityfocus.com/archive/1/540050/30/0/threaded"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "security_alert@emc.com",
"ID": "CVE-2016-9871",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "EMC Isilon OneFS EMC Isilon OneFS 7.2.1.0 7.2.1.3, EMC Isilon OneFS 7.2.0.x, EMC Isilon OneFS 7.1.1.0 - 7.1.1.10, EMC Isilon OneFS 7.1.0.x",
"version": {
"version_data": [
{
"version_value": "EMC Isilon OneFS EMC Isilon OneFS 7.2.1.0 7.2.1.3, EMC Isilon OneFS 7.2.0.x, EMC Isilon OneFS 7.1.1.0 - 7.1.1.10, EMC Isilon OneFS 7.1.0.x"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "EMC Isilon OneFS 7.2.1.0 - 7.2.1.3, EMC Isilon OneFS 7.2.0.x, EMC Isilon OneFS 7.1.1.0 - 7.1.1.10, EMC Isilon OneFS 7.1.0.x is affected by a privilege escalation vulnerability that could potentially be exploited by attackers to compromise the affected system."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Privilege Escalation Vulnerability"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "95800",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/95800"
},
{
"name": "http://www.securityfocus.com/archive/1/540050/30/0/threaded",
"refsource": "CONFIRM",
"url": "http://www.securityfocus.com/archive/1/540050/30/0/threaded"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "c550e75a-17ff-4988-97f0-544cde3820fe",
"assignerShortName": "dell",
"cveId": "CVE-2016-9871",
"datePublished": "2017-02-03T07:24:00",
"dateReserved": "2016-12-06T00:00:00",
"dateUpdated": "2024-08-06T03:07:30.796Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2017-8024 (GCVE-0-2017-8024)
Vulnerability from cvelistv5
Published
2017-10-18 09:00
Modified
2024-08-05 16:19
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- Reflected Cross Site Scripting Vulnerability
Summary
EMC Isilon OneFS (versions prior to 8.1.0.1, versions prior to 8.0.1.2, versions prior to 8.0.0.6, version 7.2.1.x) is impacted by a reflected cross-site scripting vulnerability that may potentially be exploited by malicious users to compromise the affected system.
References
| ► | URL | Tags | |||
|---|---|---|---|---|---|
|
|||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| n/a | EMC Isilon OneFS EMC Isilon OneFS versions prior to 8.1.0.1, EMC Isilon OneFS versions prior to 8.0.1.2, EMC Isilon OneFS versions prior to 8.0.0.6, EMC Isilon OneFS 7.2.1.x |
Version: EMC Isilon OneFS EMC Isilon OneFS versions prior to 8.1.0.1, EMC Isilon OneFS versions prior to 8.0.1.2, EMC Isilon OneFS versions prior to 8.0.0.6, EMC Isilon OneFS 7.2.1.x |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-05T16:19:29.769Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://seclists.org/fulldisclosure/2017/Oct/34"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "EMC Isilon OneFS EMC Isilon OneFS versions prior to 8.1.0.1, EMC Isilon OneFS versions prior to 8.0.1.2, EMC Isilon OneFS versions prior to 8.0.0.6, EMC Isilon OneFS 7.2.1.x",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "EMC Isilon OneFS EMC Isilon OneFS versions prior to 8.1.0.1, EMC Isilon OneFS versions prior to 8.0.1.2, EMC Isilon OneFS versions prior to 8.0.0.6, EMC Isilon OneFS 7.2.1.x"
}
]
}
],
"datePublic": "2017-10-17T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "EMC Isilon OneFS (versions prior to 8.1.0.1, versions prior to 8.0.1.2, versions prior to 8.0.0.6, version 7.2.1.x) is impacted by a reflected cross-site scripting vulnerability that may potentially be exploited by malicious users to compromise the affected system."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "Reflected Cross Site Scripting Vulnerability",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2017-10-18T08:57:01",
"orgId": "c550e75a-17ff-4988-97f0-544cde3820fe",
"shortName": "dell"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://seclists.org/fulldisclosure/2017/Oct/34"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "security_alert@emc.com",
"ID": "CVE-2017-8024",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "EMC Isilon OneFS EMC Isilon OneFS versions prior to 8.1.0.1, EMC Isilon OneFS versions prior to 8.0.1.2, EMC Isilon OneFS versions prior to 8.0.0.6, EMC Isilon OneFS 7.2.1.x",
"version": {
"version_data": [
{
"version_value": "EMC Isilon OneFS EMC Isilon OneFS versions prior to 8.1.0.1, EMC Isilon OneFS versions prior to 8.0.1.2, EMC Isilon OneFS versions prior to 8.0.0.6, EMC Isilon OneFS 7.2.1.x"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "EMC Isilon OneFS (versions prior to 8.1.0.1, versions prior to 8.0.1.2, versions prior to 8.0.0.6, version 7.2.1.x) is impacted by a reflected cross-site scripting vulnerability that may potentially be exploited by malicious users to compromise the affected system."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Reflected Cross Site Scripting Vulnerability"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "http://seclists.org/fulldisclosure/2017/Oct/34",
"refsource": "CONFIRM",
"url": "http://seclists.org/fulldisclosure/2017/Oct/34"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "c550e75a-17ff-4988-97f0-544cde3820fe",
"assignerShortName": "dell",
"cveId": "CVE-2017-8024",
"datePublished": "2017-10-18T09:00:00",
"dateReserved": "2017-04-21T00:00:00",
"dateUpdated": "2024-08-05T16:19:29.769Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2015-6848 (GCVE-0-2015-6848)
Vulnerability from cvelistv5
Published
2015-11-27 02:00
Modified
2024-08-06 07:36
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- n/a
Summary
EMC Isilon OneFS 7.1.x before 7.1.1.5, 7.2.0.x before 7.2.0.3, and 7.2.1.x before 7.2.1.1, when the RFC 2307 feature is configured but SFU is not universally present, allows remote authenticated AD users to obtain root privileges via unspecified vectors.
References
| ► | URL | Tags | |||
|---|---|---|---|---|---|
|
|||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-06T07:36:34.178Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "20151124 ESA-2015-164: EMC Isilon OneFS Privilege Escalation Vulnerability",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ",
"x_transferred"
],
"url": "http://seclists.org/bugtraq/2015/Nov/121"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2015-11-24T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "EMC Isilon OneFS 7.1.x before 7.1.1.5, 7.2.0.x before 7.2.0.3, and 7.2.1.x before 7.2.1.1, when the RFC 2307 feature is configured but SFU is not universally present, allows remote authenticated AD users to obtain root privileges via unspecified vectors."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2015-11-27T02:57:01",
"orgId": "c550e75a-17ff-4988-97f0-544cde3820fe",
"shortName": "dell"
},
"references": [
{
"name": "20151124 ESA-2015-164: EMC Isilon OneFS Privilege Escalation Vulnerability",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ"
],
"url": "http://seclists.org/bugtraq/2015/Nov/121"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "security_alert@emc.com",
"ID": "CVE-2015-6848",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "EMC Isilon OneFS 7.1.x before 7.1.1.5, 7.2.0.x before 7.2.0.3, and 7.2.1.x before 7.2.1.1, when the RFC 2307 feature is configured but SFU is not universally present, allows remote authenticated AD users to obtain root privileges via unspecified vectors."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "20151124 ESA-2015-164: EMC Isilon OneFS Privilege Escalation Vulnerability",
"refsource": "BUGTRAQ",
"url": "http://seclists.org/bugtraq/2015/Nov/121"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "c550e75a-17ff-4988-97f0-544cde3820fe",
"assignerShortName": "dell",
"cveId": "CVE-2015-6848",
"datePublished": "2015-11-27T02:00:00",
"dateReserved": "2015-09-10T00:00:00",
"dateUpdated": "2024-08-06T07:36:34.178Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2016-0908 (GCVE-0-2016-0908)
Vulnerability from cvelistv5
Published
2016-06-04 01:00
Modified
2024-08-05 22:38
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- n/a
Summary
EMC Isilon OneFS 7.1.x before 7.1.1.9 and 7.2.x before 7.2.1.2 allows local users to obtain root shell access by leveraging administrative privileges.
References
| ► | URL | Tags | |||
|---|---|---|---|---|---|
|
|||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-05T22:38:41.122Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "20160602 ESA-2016-060: EMC Isilon OneFS Privilege Escalation Vulnerability",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ",
"x_transferred"
],
"url": "http://seclists.org/bugtraq/2016/Jun/13"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2016-06-02T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "EMC Isilon OneFS 7.1.x before 7.1.1.9 and 7.2.x before 7.2.1.2 allows local users to obtain root shell access by leveraging administrative privileges."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2017-01-09T16:57:01",
"orgId": "c550e75a-17ff-4988-97f0-544cde3820fe",
"shortName": "dell"
},
"references": [
{
"name": "20160602 ESA-2016-060: EMC Isilon OneFS Privilege Escalation Vulnerability",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ"
],
"url": "http://seclists.org/bugtraq/2016/Jun/13"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "security_alert@emc.com",
"ID": "CVE-2016-0908",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "EMC Isilon OneFS 7.1.x before 7.1.1.9 and 7.2.x before 7.2.1.2 allows local users to obtain root shell access by leveraging administrative privileges."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "20160602 ESA-2016-060: EMC Isilon OneFS Privilege Escalation Vulnerability",
"refsource": "BUGTRAQ",
"url": "http://seclists.org/bugtraq/2016/Jun/13"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "c550e75a-17ff-4988-97f0-544cde3820fe",
"assignerShortName": "dell",
"cveId": "CVE-2016-0908",
"datePublished": "2016-06-04T01:00:00",
"dateReserved": "2015-12-17T00:00:00",
"dateUpdated": "2024-08-05T22:38:41.122Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2015-0528 (GCVE-0-2015-0528)
Vulnerability from cvelistv5
Published
2015-03-29 10:00
Modified
2024-08-06 04:10
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- n/a
Summary
The RPC daemon in EMC Isilon OneFS 6.5.x and 7.0.x before 7.0.2.13, 7.1.0 before 7.1.0.6, 7.1.1 before 7.1.1.2, and 7.2.0 before 7.2.0.1 allows local users to gain privileges by leveraging an ability to modify system files.
References
| ► | URL | Tags | ||||||
|---|---|---|---|---|---|---|---|---|
|
||||||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-06T04:10:10.965Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://packetstormsecurity.com/files/131035/EMC-Isilon-OneFS-Privilege-Escalation.html"
},
{
"name": "20150325 ESA-2015-049: EMC Isilon OneFS Privilege Escalation Vulnerability",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ",
"x_transferred"
],
"url": "http://seclists.org/bugtraq/2015/Mar/162"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2015-03-25T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "The RPC daemon in EMC Isilon OneFS 6.5.x and 7.0.x before 7.0.2.13, 7.1.0 before 7.1.0.6, 7.1.1 before 7.1.1.2, and 7.2.0 before 7.2.0.1 allows local users to gain privileges by leveraging an ability to modify system files."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2015-04-01T13:57:00",
"orgId": "c550e75a-17ff-4988-97f0-544cde3820fe",
"shortName": "dell"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "http://packetstormsecurity.com/files/131035/EMC-Isilon-OneFS-Privilege-Escalation.html"
},
{
"name": "20150325 ESA-2015-049: EMC Isilon OneFS Privilege Escalation Vulnerability",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ"
],
"url": "http://seclists.org/bugtraq/2015/Mar/162"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "security_alert@emc.com",
"ID": "CVE-2015-0528",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "The RPC daemon in EMC Isilon OneFS 6.5.x and 7.0.x before 7.0.2.13, 7.1.0 before 7.1.0.6, 7.1.1 before 7.1.1.2, and 7.2.0 before 7.2.0.1 allows local users to gain privileges by leveraging an ability to modify system files."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "http://packetstormsecurity.com/files/131035/EMC-Isilon-OneFS-Privilege-Escalation.html",
"refsource": "MISC",
"url": "http://packetstormsecurity.com/files/131035/EMC-Isilon-OneFS-Privilege-Escalation.html"
},
{
"name": "20150325 ESA-2015-049: EMC Isilon OneFS Privilege Escalation Vulnerability",
"refsource": "BUGTRAQ",
"url": "http://seclists.org/bugtraq/2015/Mar/162"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "c550e75a-17ff-4988-97f0-544cde3820fe",
"assignerShortName": "dell",
"cveId": "CVE-2015-0528",
"datePublished": "2015-03-29T10:00:00",
"dateReserved": "2014-12-17T00:00:00",
"dateUpdated": "2024-08-06T04:10:10.965Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2015-4545 (GCVE-0-2015-4545)
Vulnerability from cvelistv5
Published
2015-12-21 17:00
Modified
2024-08-06 06:18
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- n/a
Summary
EMC Isilon OneFS 7.1 before 7.1.1.8, 7.2.0 before 7.2.0.4, and 7.2.1 before 7.2.1.1 allows remote authenticated administrators to bypass a SmartLock root-login restriction by creating a root account and establishing a login session.
References
| ► | URL | Tags | ||||||
|---|---|---|---|---|---|---|---|---|
|
||||||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-06T06:18:11.904Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "79674",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/79674"
},
{
"name": "20151217 ESA-2015-148: EMC Isilon OneFS Security Privilege Escalation Vulnerability",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ",
"x_transferred"
],
"url": "http://seclists.org/bugtraq/2015/Dec/103"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2015-12-17T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "EMC Isilon OneFS 7.1 before 7.1.1.8, 7.2.0 before 7.2.0.4, and 7.2.1 before 7.2.1.1 allows remote authenticated administrators to bypass a SmartLock root-login restriction by creating a root account and establishing a login session."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2016-11-25T19:57:01",
"orgId": "c550e75a-17ff-4988-97f0-544cde3820fe",
"shortName": "dell"
},
"references": [
{
"name": "79674",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/79674"
},
{
"name": "20151217 ESA-2015-148: EMC Isilon OneFS Security Privilege Escalation Vulnerability",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ"
],
"url": "http://seclists.org/bugtraq/2015/Dec/103"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "security_alert@emc.com",
"ID": "CVE-2015-4545",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "EMC Isilon OneFS 7.1 before 7.1.1.8, 7.2.0 before 7.2.0.4, and 7.2.1 before 7.2.1.1 allows remote authenticated administrators to bypass a SmartLock root-login restriction by creating a root account and establishing a login session."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "79674",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/79674"
},
{
"name": "20151217 ESA-2015-148: EMC Isilon OneFS Security Privilege Escalation Vulnerability",
"refsource": "BUGTRAQ",
"url": "http://seclists.org/bugtraq/2015/Dec/103"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "c550e75a-17ff-4988-97f0-544cde3820fe",
"assignerShortName": "dell",
"cveId": "CVE-2015-4545",
"datePublished": "2015-12-21T17:00:00",
"dateReserved": "2015-06-11T00:00:00",
"dateUpdated": "2024-08-06T06:18:11.904Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2017-14380 (GCVE-0-2017-14380)
Vulnerability from cvelistv5
Published
2017-12-13 20:00
Modified
2024-08-05 19:27
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- Privilege Escalation Vulnerability
Summary
In EMC Isilon OneFS 8.1.0.0, 8.0.1.0 - 8.0.1.1, 8.0.0.0 - 8.0.0.4, 7.2.1.0 - 7.2.1.5, 7.2.0.x, and 7.1.1.x, a malicious compliance admin (compadmin) account user could exploit a vulnerability in isi_get_itrace or isi_get_profile maintenance scripts to run any shell script as system root on a cluster in compliance mode. This could potentially lead to an elevation of privilege for the compadmin user and violate compliance mode.
References
| ► | URL | Tags | ||||||
|---|---|---|---|---|---|---|---|---|
|
||||||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| n/a | EMC Isilon OneFS 8.1.0.0, 8.0.1.0 8.0.1.1, 8.0.0.0 - 8.0.0.4, 7.2.1.0 - 7.2.1.5, 7.2.0.x, 7.1.1.x |
Version: EMC Isilon OneFS 8.1.0.0, 8.0.1.0 8.0.1.1, 8.0.0.0 - 8.0.0.4, 7.2.1.0 - 7.2.1.5, 7.2.0.x, 7.1.1.x |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-05T19:27:40.598Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://seclists.org/fulldisclosure/2017/Dec/41"
},
{
"name": "102210",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/102210"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "EMC Isilon OneFS 8.1.0.0, 8.0.1.0 8.0.1.1, 8.0.0.0 - 8.0.0.4, 7.2.1.0 - 7.2.1.5, 7.2.0.x, 7.1.1.x",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "EMC Isilon OneFS 8.1.0.0, 8.0.1.0 8.0.1.1, 8.0.0.0 - 8.0.0.4, 7.2.1.0 - 7.2.1.5, 7.2.0.x, 7.1.1.x"
}
]
}
],
"datePublic": "2017-12-13T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "In EMC Isilon OneFS 8.1.0.0, 8.0.1.0 - 8.0.1.1, 8.0.0.0 - 8.0.0.4, 7.2.1.0 - 7.2.1.5, 7.2.0.x, and 7.1.1.x, a malicious compliance admin (compadmin) account user could exploit a vulnerability in isi_get_itrace or isi_get_profile maintenance scripts to run any shell script as system root on a cluster in compliance mode. This could potentially lead to an elevation of privilege for the compadmin user and violate compliance mode."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "Privilege Escalation Vulnerability",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2017-12-19T10:57:01",
"orgId": "c550e75a-17ff-4988-97f0-544cde3820fe",
"shortName": "dell"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://seclists.org/fulldisclosure/2017/Dec/41"
},
{
"name": "102210",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/102210"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "security_alert@emc.com",
"ID": "CVE-2017-14380",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "EMC Isilon OneFS 8.1.0.0, 8.0.1.0 8.0.1.1, 8.0.0.0 - 8.0.0.4, 7.2.1.0 - 7.2.1.5, 7.2.0.x, 7.1.1.x",
"version": {
"version_data": [
{
"version_value": "EMC Isilon OneFS 8.1.0.0, 8.0.1.0 8.0.1.1, 8.0.0.0 - 8.0.0.4, 7.2.1.0 - 7.2.1.5, 7.2.0.x, 7.1.1.x"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "In EMC Isilon OneFS 8.1.0.0, 8.0.1.0 - 8.0.1.1, 8.0.0.0 - 8.0.0.4, 7.2.1.0 - 7.2.1.5, 7.2.0.x, and 7.1.1.x, a malicious compliance admin (compadmin) account user could exploit a vulnerability in isi_get_itrace or isi_get_profile maintenance scripts to run any shell script as system root on a cluster in compliance mode. This could potentially lead to an elevation of privilege for the compadmin user and violate compliance mode."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Privilege Escalation Vulnerability"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "http://seclists.org/fulldisclosure/2017/Dec/41",
"refsource": "CONFIRM",
"url": "http://seclists.org/fulldisclosure/2017/Dec/41"
},
{
"name": "102210",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/102210"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "c550e75a-17ff-4988-97f0-544cde3820fe",
"assignerShortName": "dell",
"cveId": "CVE-2017-14380",
"datePublished": "2017-12-13T20:00:00",
"dateReserved": "2017-09-12T00:00:00",
"dateUpdated": "2024-08-05T19:27:40.598Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2018-11071 (GCVE-0-2018-11071)
Vulnerability from cvelistv5
Published
2018-09-18 21:00
Modified
2024-08-05 07:54
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- remote process crash vulnerability
Summary
Dell EMC Isilon OneFS versions 7.1.1.x, 7.2.1.x, 8.0.0.x, 8.0.1.x, 8.1.0.x and 8.1.x prior to 8.1.2 and Dell EMC IsilonSD Edge versions 8.0.0.x, 8.0.1.x, 8.1.0.x and 8.1.x prior to 8.1.2 contain a remote process crash vulnerability. An unauthenticated remote attacker may potentially exploit this vulnerability to crash the isi_drive_d process by sending specially crafted input data to the affected system. This process will then be restarted.
References
| ► | URL | Tags | |||
|---|---|---|---|---|---|
|
|||||
Impacted products
| Vendor | Product | Version | |||||||
|---|---|---|---|---|---|---|---|---|---|
| ► | Dell EMC | Isilon OneFS |
Version: 7.1.1.x, 7.2.1.x, 8.0.0.x, 8.0.1.x, 8.1.0.x and 8.1.x < 8.1.2 |
||||||
|
|||||||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-05T07:54:36.649Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "20180914 DSA-2018-147: Dell EMC Isilon OneFS and IsilonSD Edge Remote Process Crash Vulnerability",
"tags": [
"mailing-list",
"x_refsource_FULLDISC",
"x_transferred"
],
"url": "https://seclists.org/fulldisclosure/2018/Sep/19"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "Isilon OneFS",
"vendor": "Dell EMC",
"versions": [
{
"lessThan": "8.1.2 ",
"status": "affected",
"version": "7.1.1.x, 7.2.1.x, 8.0.0.x, 8.0.1.x, 8.1.0.x and 8.1.x",
"versionType": "custom"
}
]
},
{
"product": "IsilonSD Edge",
"vendor": "Dell EMC",
"versions": [
{
"lessThan": "8.1.2 ",
"status": "affected",
"version": "8.0.0.x, 8.0.1.x, 8.1.0.x and 8.1.x",
"versionType": "custom"
}
]
}
],
"credits": [
{
"lang": "en",
"value": "Dell EMC would like to thank Honggang Ren of Fortinet\u0027s FortiGuard Labs for reporting this vulnerability."
}
],
"datePublic": "2018-09-18T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "Dell EMC Isilon OneFS versions 7.1.1.x, 7.2.1.x, 8.0.0.x, 8.0.1.x, 8.1.0.x and 8.1.x prior to 8.1.2 and Dell EMC IsilonSD Edge versions 8.0.0.x, 8.0.1.x, 8.1.0.x and 8.1.x prior to 8.1.2 contain a remote process crash vulnerability. An unauthenticated remote attacker may potentially exploit this vulnerability to crash the isi_drive_d process by sending specially crafted input data to the affected system. This process will then be restarted."
}
],
"metrics": [
{
"cvssV3_0": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.0"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "remote process crash vulnerability",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2018-09-18T20:57:01",
"orgId": "c550e75a-17ff-4988-97f0-544cde3820fe",
"shortName": "dell"
},
"references": [
{
"name": "20180914 DSA-2018-147: Dell EMC Isilon OneFS and IsilonSD Edge Remote Process Crash Vulnerability",
"tags": [
"mailing-list",
"x_refsource_FULLDISC"
],
"url": "https://seclists.org/fulldisclosure/2018/Sep/19"
}
],
"source": {
"discovery": "UNKNOWN"
},
"title": "DSA-2018-147: Dell EMC Isilon OneFS and IsilonSD Edge Remote Process Crash Vulnerability ",
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "security_alert@emc.com",
"ID": "CVE-2018-11071",
"STATE": "PUBLIC",
"TITLE": "DSA-2018-147: Dell EMC Isilon OneFS and IsilonSD Edge Remote Process Crash Vulnerability "
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Isilon OneFS",
"version": {
"version_data": [
{
"affected": "\u003c",
"version_affected": "\u003c",
"version_name": "7.1.1.x, 7.2.1.x, 8.0.0.x, 8.0.1.x, 8.1.0.x and 8.1.x",
"version_value": "8.1.2 "
}
]
}
},
{
"product_name": "IsilonSD Edge",
"version": {
"version_data": [
{
"affected": "\u003c",
"version_affected": "\u003c",
"version_name": "8.0.0.x, 8.0.1.x, 8.1.0.x and 8.1.x",
"version_value": "8.1.2 "
}
]
}
}
]
},
"vendor_name": "Dell EMC"
}
]
}
},
"credit": [
{
"lang": "eng",
"value": "Dell EMC would like to thank Honggang Ren of Fortinet\u0027s FortiGuard Labs for reporting this vulnerability."
}
],
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Dell EMC Isilon OneFS versions 7.1.1.x, 7.2.1.x, 8.0.0.x, 8.0.1.x, 8.1.0.x and 8.1.x prior to 8.1.2 and Dell EMC IsilonSD Edge versions 8.0.0.x, 8.0.1.x, 8.1.0.x and 8.1.x prior to 8.1.2 contain a remote process crash vulnerability. An unauthenticated remote attacker may potentially exploit this vulnerability to crash the isi_drive_d process by sending specially crafted input data to the affected system. This process will then be restarted."
}
]
},
"impact": {
"cvss": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.0"
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "remote process crash vulnerability"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "20180914 DSA-2018-147: Dell EMC Isilon OneFS and IsilonSD Edge Remote Process Crash Vulnerability",
"refsource": "FULLDISC",
"url": "https://seclists.org/fulldisclosure/2018/Sep/19"
}
]
},
"source": {
"discovery": "UNKNOWN"
}
}
}
},
"cveMetadata": {
"assignerOrgId": "c550e75a-17ff-4988-97f0-544cde3820fe",
"assignerShortName": "dell",
"cveId": "CVE-2018-11071",
"datePublished": "2018-09-18T21:00:00",
"dateReserved": "2018-05-14T00:00:00",
"dateUpdated": "2024-08-05T07:54:36.649Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
Vulnerability from fkie_nvd
Published
2017-12-13 20:29
Modified
2025-04-20 01:37
Severity ?
Summary
In EMC Isilon OneFS 8.1.0.0, 8.0.1.0 - 8.0.1.1, 8.0.0.0 - 8.0.0.4, 7.2.1.0 - 7.2.1.5, 7.2.0.x, and 7.1.1.x, a malicious compliance admin (compadmin) account user could exploit a vulnerability in isi_get_itrace or isi_get_profile maintenance scripts to run any shell script as system root on a cluster in compliance mode. This could potentially lead to an elevation of privilege for the compadmin user and violate compliance mode.
References
| ▶ | URL | Tags | |
|---|---|---|---|
| security_alert@emc.com | http://seclists.org/fulldisclosure/2017/Dec/41 | Mailing List, Third Party Advisory | |
| security_alert@emc.com | http://www.securityfocus.com/bid/102210 | Third Party Advisory, VDB Entry | |
| af854a3a-2127-422b-91ae-364da2661108 | http://seclists.org/fulldisclosure/2017/Dec/41 | Mailing List, Third Party Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | http://www.securityfocus.com/bid/102210 | Third Party Advisory, VDB Entry |
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| emc | isilon_onefs | 7.1.1.0 | |
| emc | isilon_onefs | 7.1.1.1 | |
| emc | isilon_onefs | 7.1.1.2 | |
| emc | isilon_onefs | 7.1.1.3 | |
| emc | isilon_onefs | 7.1.1.4 | |
| emc | isilon_onefs | 7.1.1.5 | |
| emc | isilon_onefs | 7.2.0.0 | |
| emc | isilon_onefs | 7.2.0.1 | |
| emc | isilon_onefs | 7.2.0.2 | |
| emc | isilon_onefs | 7.2.0.3 | |
| emc | isilon_onefs | 7.2.0.4 | |
| emc | isilon_onefs | 7.2.0.5 | |
| emc | isilon_onefs | 7.2.1.0 | |
| emc | isilon_onefs | 7.2.1.1 | |
| emc | isilon_onefs | 7.2.1.2 | |
| emc | isilon_onefs | 7.2.1.3 | |
| emc | isilon_onefs | 7.2.1.4 | |
| emc | isilon_onefs | 7.2.1.5 | |
| emc | isilon_onefs | 8.0.0.0 | |
| emc | isilon_onefs | 8.0.0.1 | |
| emc | isilon_onefs | 8.0.0.2 | |
| emc | isilon_onefs | 8.0.0.3 | |
| emc | isilon_onefs | 8.0.0.4 | |
| emc | isilon_onefs | 8.0.1.0 | |
| emc | isilon_onefs | 8.0.1.1 | |
| emc | isilon_onefs | 8.1.0.0 |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:emc:isilon_onefs:7.1.1.0:*:*:*:*:*:*:*",
"matchCriteriaId": "DEDB97FE-6470-4AFE-A3B0-B664F132A190",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:emc:isilon_onefs:7.1.1.1:*:*:*:*:*:*:*",
"matchCriteriaId": "A669BE6B-726F-4F34-A009-798E32FF6895",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:emc:isilon_onefs:7.1.1.2:*:*:*:*:*:*:*",
"matchCriteriaId": "4AE74624-A44D-4837-AD36-DBF3E93D5ED9",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:emc:isilon_onefs:7.1.1.3:*:*:*:*:*:*:*",
"matchCriteriaId": "47CBA2E5-6E46-4922-B56B-3F8C578074B1",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:emc:isilon_onefs:7.1.1.4:*:*:*:*:*:*:*",
"matchCriteriaId": "90C22C93-9069-406E-9A14-03F20AD34D11",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:emc:isilon_onefs:7.1.1.5:*:*:*:*:*:*:*",
"matchCriteriaId": "CDD30754-489E-42BA-8B51-1FEB5DC30912",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:emc:isilon_onefs:7.2.0.0:*:*:*:*:*:*:*",
"matchCriteriaId": "0E8AF3E1-FE57-40B9-95DD-4E4C8EB578CB",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:emc:isilon_onefs:7.2.0.1:*:*:*:*:*:*:*",
"matchCriteriaId": "7F551F88-3176-4E92-AE7A-FCAB3A220A45",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:emc:isilon_onefs:7.2.0.2:*:*:*:*:*:*:*",
"matchCriteriaId": "26144325-6722-48C1-A0C2-BB78EF9BDE60",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:emc:isilon_onefs:7.2.0.3:*:*:*:*:*:*:*",
"matchCriteriaId": "B87E8EEE-42AA-48B3-ABBE-9CE7FD2C275B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:emc:isilon_onefs:7.2.0.4:*:*:*:*:*:*:*",
"matchCriteriaId": "6F09B14D-2C84-47F2-8F7F-6F8DAEFFF106",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:emc:isilon_onefs:7.2.0.5:*:*:*:*:*:*:*",
"matchCriteriaId": "5F6E200D-49D6-492C-8B38-CBED90CA8118",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:emc:isilon_onefs:7.2.1.0:*:*:*:*:*:*:*",
"matchCriteriaId": "10B1B998-AEEE-4123-82F3-72D84EF681DC",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:emc:isilon_onefs:7.2.1.1:*:*:*:*:*:*:*",
"matchCriteriaId": "0828B061-28B4-4AEE-BBB9-AF287B90713C",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:emc:isilon_onefs:7.2.1.2:*:*:*:*:*:*:*",
"matchCriteriaId": "064C487D-517E-4F7B-A182-5DF287477652",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:emc:isilon_onefs:7.2.1.3:*:*:*:*:*:*:*",
"matchCriteriaId": "D1600B1F-C307-457B-BC84-73339A64DF8D",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:emc:isilon_onefs:7.2.1.4:*:*:*:*:*:*:*",
"matchCriteriaId": "CE2687A1-97EC-4777-9CC1-164D525C56E5",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:emc:isilon_onefs:7.2.1.5:*:*:*:*:*:*:*",
"matchCriteriaId": "08C3C4C1-505B-4171-831B-7FD7EB34B45C",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:emc:isilon_onefs:8.0.0.0:*:*:*:*:*:*:*",
"matchCriteriaId": "AB53E775-7A57-41D2-A93D-5F96D72622D1",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:emc:isilon_onefs:8.0.0.1:*:*:*:*:*:*:*",
"matchCriteriaId": "A17F44A3-8C09-49EE-8545-51C57F36B801",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:emc:isilon_onefs:8.0.0.2:*:*:*:*:*:*:*",
"matchCriteriaId": "DCE2CA2E-BFAD-4D87-BAAA-DA63C88F38D5",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:emc:isilon_onefs:8.0.0.3:*:*:*:*:*:*:*",
"matchCriteriaId": "11DF0A4B-702E-4E6B-AD2D-086F76B6DBB2",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:emc:isilon_onefs:8.0.0.4:*:*:*:*:*:*:*",
"matchCriteriaId": "80042980-E2BB-49F0-A3DB-BE22ECF820C9",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:emc:isilon_onefs:8.0.1.0:*:*:*:*:*:*:*",
"matchCriteriaId": "F2B3BD02-4CA9-4D00-A5B5-F3EBB7DACDEF",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:emc:isilon_onefs:8.0.1.1:*:*:*:*:*:*:*",
"matchCriteriaId": "217B6DC1-07E4-4A1E-8867-85C258778E5B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:emc:isilon_onefs:8.1.0.0:*:*:*:*:*:*:*",
"matchCriteriaId": "847B0C10-6DCA-49FE-836C-F547B573A647",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "In EMC Isilon OneFS 8.1.0.0, 8.0.1.0 - 8.0.1.1, 8.0.0.0 - 8.0.0.4, 7.2.1.0 - 7.2.1.5, 7.2.0.x, and 7.1.1.x, a malicious compliance admin (compadmin) account user could exploit a vulnerability in isi_get_itrace or isi_get_profile maintenance scripts to run any shell script as system root on a cluster in compliance mode. This could potentially lead to an elevation of privilege for the compadmin user and violate compliance mode."
},
{
"lang": "es",
"value": "En EMC Isilon OneFS 8.1.0.0, 8.0.1.0 - 8.0.1.1, 8.0.0.0 - 8.0.0.4, 7.2.1.0 - 7.2.1.5, 7.2.0.x y 7.1.1.x, un usuario con una cuenta de compliance admin (compadmin) puede explotar una vulnerabilidad en los scripts de mantenimiento isi_get_itrace o isi_get_profile para ejecutar cualquier script shell como root del sistema en un cl\u00faster en modo compliance. Esto podr\u00eda conducir a una elevaci\u00f3n de privilegios para el usuario compadmin y vulnerar el modo compliance."
}
],
"id": "CVE-2017-14380",
"lastModified": "2025-04-20T01:37:25.860",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "HIGH",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "LOCAL",
"authentication": "NONE",
"availabilityImpact": "COMPLETE",
"baseScore": 7.2,
"confidentialityImpact": "COMPLETE",
"integrityImpact": "COMPLETE",
"vectorString": "AV:L/AC:L/Au:N/C:C/I:C/A:C",
"version": "2.0"
},
"exploitabilityScore": 3.9,
"impactScore": 10.0,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
],
"cvssMetricV30": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 6.7,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "HIGH",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H",
"version": "3.0"
},
"exploitabilityScore": 0.8,
"impactScore": 5.9,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2017-12-13T20:29:00.207",
"references": [
{
"source": "security_alert@emc.com",
"tags": [
"Mailing List",
"Third Party Advisory"
],
"url": "http://seclists.org/fulldisclosure/2017/Dec/41"
},
{
"source": "security_alert@emc.com",
"tags": [
"Third Party Advisory",
"VDB Entry"
],
"url": "http://www.securityfocus.com/bid/102210"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Mailing List",
"Third Party Advisory"
],
"url": "http://seclists.org/fulldisclosure/2017/Dec/41"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory",
"VDB Entry"
],
"url": "http://www.securityfocus.com/bid/102210"
}
],
"sourceIdentifier": "security_alert@emc.com",
"vulnStatus": "Deferred",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-269"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2017-03-29 21:59
Modified
2025-04-20 01:37
Severity ?
Summary
EMC Isilon OneFS is affected by a path traversal vulnerability that may potentially be exploited by attackers to compromise the affected system. Affected versions are 7.1.0 - 7.1.1.10, 7.2.0 - 7.2.1.3, and 8.0.0 - 8.0.0.1.
References
| ▶ | URL | Tags | |
|---|---|---|---|
| security_alert@emc.com | http://www.securityfocus.com/archive/1/540338/30/0/threaded | Third Party Advisory, VDB Entry | |
| security_alert@emc.com | http://www.securityfocus.com/bid/97222 | Third Party Advisory, VDB Entry | |
| af854a3a-2127-422b-91ae-364da2661108 | http://www.securityfocus.com/archive/1/540338/30/0/threaded | Third Party Advisory, VDB Entry | |
| af854a3a-2127-422b-91ae-364da2661108 | http://www.securityfocus.com/bid/97222 | Third Party Advisory, VDB Entry |
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| emc | isilon_onefs | 7.1.0.5 | |
| emc | isilon_onefs | 7.1.0.6 | |
| emc | isilon_onefs | 7.1.1.0 | |
| emc | isilon_onefs | 7.1.1.1 | |
| emc | isilon_onefs | 7.1.1.2 | |
| emc | isilon_onefs | 7.1.1.3 | |
| emc | isilon_onefs | 7.1.1.4 | |
| emc | isilon_onefs | 7.1.1.5 | |
| emc | isilon_onefs | 7.1.1.6 | |
| emc | isilon_onefs | 7.1.1.7 | |
| emc | isilon_onefs | 7.1.1.8 | |
| emc | isilon_onefs | 7.1.1.9 | |
| emc | isilon_onefs | 7.1.1.10 | |
| emc | isilon_onefs | 7.2.0.0 | |
| emc | isilon_onefs | 7.2.0.1 | |
| emc | isilon_onefs | 7.2.0.2 | |
| emc | isilon_onefs | 7.2.0.3 | |
| emc | isilon_onefs | 7.2.0.4 | |
| emc | isilon_onefs | 7.2.1.0 | |
| emc | isilon_onefs | 7.2.1.1 | |
| emc | isilon_onefs | 7.2.1.2 | |
| emc | isilon_onefs | 7.2.1.3 | |
| emc | isilon_onefs | 8.0.0.0 | |
| emc | isilon_onefs | 8.0.0.1 |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:emc:isilon_onefs:7.1.0.5:*:*:*:*:*:*:*",
"matchCriteriaId": "E706E435-8E45-4ACB-8BBC-5AC458378D4A",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:emc:isilon_onefs:7.1.0.6:*:*:*:*:*:*:*",
"matchCriteriaId": "3FE2D48E-39E8-42E6-8E82-AB9FA0547BAC",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:emc:isilon_onefs:7.1.1.0:*:*:*:*:*:*:*",
"matchCriteriaId": "DEDB97FE-6470-4AFE-A3B0-B664F132A190",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:emc:isilon_onefs:7.1.1.1:*:*:*:*:*:*:*",
"matchCriteriaId": "A669BE6B-726F-4F34-A009-798E32FF6895",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:emc:isilon_onefs:7.1.1.2:*:*:*:*:*:*:*",
"matchCriteriaId": "4AE74624-A44D-4837-AD36-DBF3E93D5ED9",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:emc:isilon_onefs:7.1.1.3:*:*:*:*:*:*:*",
"matchCriteriaId": "47CBA2E5-6E46-4922-B56B-3F8C578074B1",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:emc:isilon_onefs:7.1.1.4:*:*:*:*:*:*:*",
"matchCriteriaId": "90C22C93-9069-406E-9A14-03F20AD34D11",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:emc:isilon_onefs:7.1.1.5:*:*:*:*:*:*:*",
"matchCriteriaId": "CDD30754-489E-42BA-8B51-1FEB5DC30912",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:emc:isilon_onefs:7.1.1.6:*:*:*:*:*:*:*",
"matchCriteriaId": "D92501AC-0588-4051-9568-52074E8A2D33",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:emc:isilon_onefs:7.1.1.7:*:*:*:*:*:*:*",
"matchCriteriaId": "F7407DAA-7740-45B0-BA99-03794C8B1215",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:emc:isilon_onefs:7.1.1.8:*:*:*:*:*:*:*",
"matchCriteriaId": "F7E804DB-40F0-4FBF-8A85-A49767DC4022",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:emc:isilon_onefs:7.1.1.9:*:*:*:*:*:*:*",
"matchCriteriaId": "D645B5EF-4333-48BF-960A-03AA2D624376",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:emc:isilon_onefs:7.1.1.10:*:*:*:*:*:*:*",
"matchCriteriaId": "302422CE-3C0A-44E6-83ED-51EC65482B40",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:emc:isilon_onefs:7.2.0.0:*:*:*:*:*:*:*",
"matchCriteriaId": "0E8AF3E1-FE57-40B9-95DD-4E4C8EB578CB",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:emc:isilon_onefs:7.2.0.1:*:*:*:*:*:*:*",
"matchCriteriaId": "7F551F88-3176-4E92-AE7A-FCAB3A220A45",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:emc:isilon_onefs:7.2.0.2:*:*:*:*:*:*:*",
"matchCriteriaId": "26144325-6722-48C1-A0C2-BB78EF9BDE60",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:emc:isilon_onefs:7.2.0.3:*:*:*:*:*:*:*",
"matchCriteriaId": "B87E8EEE-42AA-48B3-ABBE-9CE7FD2C275B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:emc:isilon_onefs:7.2.0.4:*:*:*:*:*:*:*",
"matchCriteriaId": "6F09B14D-2C84-47F2-8F7F-6F8DAEFFF106",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:emc:isilon_onefs:7.2.1.0:*:*:*:*:*:*:*",
"matchCriteriaId": "10B1B998-AEEE-4123-82F3-72D84EF681DC",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:emc:isilon_onefs:7.2.1.1:*:*:*:*:*:*:*",
"matchCriteriaId": "0828B061-28B4-4AEE-BBB9-AF287B90713C",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:emc:isilon_onefs:7.2.1.2:*:*:*:*:*:*:*",
"matchCriteriaId": "064C487D-517E-4F7B-A182-5DF287477652",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:emc:isilon_onefs:7.2.1.3:*:*:*:*:*:*:*",
"matchCriteriaId": "D1600B1F-C307-457B-BC84-73339A64DF8D",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:emc:isilon_onefs:8.0.0.0:*:*:*:*:*:*:*",
"matchCriteriaId": "AB53E775-7A57-41D2-A93D-5F96D72622D1",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:emc:isilon_onefs:8.0.0.1:*:*:*:*:*:*:*",
"matchCriteriaId": "A17F44A3-8C09-49EE-8545-51C57F36B801",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "EMC Isilon OneFS is affected by a path traversal vulnerability that may potentially be exploited by attackers to compromise the affected system. Affected versions are 7.1.0 - 7.1.1.10, 7.2.0 - 7.2.1.3, and 8.0.0 - 8.0.0.1."
},
{
"lang": "es",
"value": "EMC Isilon OneFS es afectada por una vulnerabilidad de recorrido transversal que potencialmente puede ser explotada por los atacantes para comprometer el sistema afectado. Las versiones afectadas son 7.1.0 - 7.1.1.10, 7.2.0 - 7.2.1.3 y 8.0.0 - 8.0.0.1."
}
],
"id": "CVE-2017-4980",
"lastModified": "2025-04-20T01:37:25.860",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "NONE",
"baseScore": 5.0,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "NONE",
"vectorString": "AV:N/AC:L/Au:N/C:P/I:N/A:N",
"version": "2.0"
},
"exploitabilityScore": 10.0,
"impactScore": 2.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
],
"cvssMetricV30": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
"version": "3.0"
},
"exploitabilityScore": 3.9,
"impactScore": 3.6,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2017-03-29T21:59:00.177",
"references": [
{
"source": "security_alert@emc.com",
"tags": [
"Third Party Advisory",
"VDB Entry"
],
"url": "http://www.securityfocus.com/archive/1/540338/30/0/threaded"
},
{
"source": "security_alert@emc.com",
"tags": [
"Third Party Advisory",
"VDB Entry"
],
"url": "http://www.securityfocus.com/bid/97222"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory",
"VDB Entry"
],
"url": "http://www.securityfocus.com/archive/1/540338/30/0/threaded"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory",
"VDB Entry"
],
"url": "http://www.securityfocus.com/bid/97222"
}
],
"sourceIdentifier": "security_alert@emc.com",
"vulnStatus": "Deferred",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-22"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2017-05-19 15:29
Modified
2025-04-20 01:37
Severity ?
Summary
EMC Isilon OneFS 8.0.1.0, OneFS 8.0.0.0 - 8.0.0.2, OneFS 7.2.1.0 - 7.2.1.3, and OneFS 7.2.0.x is affected by an NFS export vulnerability. Under certain conditions, after upgrading a cluster from OneFS 7.1.1.x or earlier, users may have unexpected levels of access to some NFS exports.
References
| ▶ | URL | Tags | |
|---|---|---|---|
| security_alert@emc.com | http://www.securityfocus.com/archive/1/540551/30/0/threaded | Mitigation, Third Party Advisory, VDB Entry | |
| af854a3a-2127-422b-91ae-364da2661108 | http://www.securityfocus.com/archive/1/540551/30/0/threaded | Mitigation, Third Party Advisory, VDB Entry |
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| emc | isilon_onefs | 7.2.0.0 | |
| emc | isilon_onefs | 7.2.0.1 | |
| emc | isilon_onefs | 7.2.0.2 | |
| emc | isilon_onefs | 7.2.1.0 | |
| emc | isilon_onefs | 7.2.1.1 | |
| emc | isilon_onefs | 7.2.1.2 | |
| emc | isilon_onefs | 7.2.1.3 | |
| emc | isilon_onefs | 8.0.0.0 | |
| emc | isilon_onefs | 8.0.0.1 | |
| emc | isilon_onefs | 8.0.0.2 | |
| emc | isilon_onefs | 8.0.1.0 |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:emc:isilon_onefs:7.2.0.0:*:*:*:*:*:*:*",
"matchCriteriaId": "0E8AF3E1-FE57-40B9-95DD-4E4C8EB578CB",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:emc:isilon_onefs:7.2.0.1:*:*:*:*:*:*:*",
"matchCriteriaId": "7F551F88-3176-4E92-AE7A-FCAB3A220A45",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:emc:isilon_onefs:7.2.0.2:*:*:*:*:*:*:*",
"matchCriteriaId": "26144325-6722-48C1-A0C2-BB78EF9BDE60",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:emc:isilon_onefs:7.2.1.0:*:*:*:*:*:*:*",
"matchCriteriaId": "10B1B998-AEEE-4123-82F3-72D84EF681DC",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:emc:isilon_onefs:7.2.1.1:*:*:*:*:*:*:*",
"matchCriteriaId": "0828B061-28B4-4AEE-BBB9-AF287B90713C",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:emc:isilon_onefs:7.2.1.2:*:*:*:*:*:*:*",
"matchCriteriaId": "064C487D-517E-4F7B-A182-5DF287477652",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:emc:isilon_onefs:7.2.1.3:*:*:*:*:*:*:*",
"matchCriteriaId": "D1600B1F-C307-457B-BC84-73339A64DF8D",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:emc:isilon_onefs:8.0.0.0:*:*:*:*:*:*:*",
"matchCriteriaId": "AB53E775-7A57-41D2-A93D-5F96D72622D1",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:emc:isilon_onefs:8.0.0.1:*:*:*:*:*:*:*",
"matchCriteriaId": "A17F44A3-8C09-49EE-8545-51C57F36B801",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:emc:isilon_onefs:8.0.0.2:*:*:*:*:*:*:*",
"matchCriteriaId": "DCE2CA2E-BFAD-4D87-BAAA-DA63C88F38D5",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:emc:isilon_onefs:8.0.1.0:*:*:*:*:*:*:*",
"matchCriteriaId": "F2B3BD02-4CA9-4D00-A5B5-F3EBB7DACDEF",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "EMC Isilon OneFS 8.0.1.0, OneFS 8.0.0.0 - 8.0.0.2, OneFS 7.2.1.0 - 7.2.1.3, and OneFS 7.2.0.x is affected by an NFS export vulnerability. Under certain conditions, after upgrading a cluster from OneFS 7.1.1.x or earlier, users may have unexpected levels of access to some NFS exports."
},
{
"lang": "es",
"value": "Isilon OneFS versi\u00f3n 8.0.1.0, OneFS versiones 8.0.0.0 - 8.0.0.2, OneFS versiones 7.2.1.0 - 7.2.1.3 y OneFS versiones 7.2.0.x de EMC, est\u00e1n afectadas por una vulnerabilidad de exportaci\u00f3n de NFS. Bajo ciertas condiciones, despu\u00e9s de actualizar un cl\u00faster desde OneFS versi\u00f3n 7.1.1.x o anteriores, los usuarios pueden tener niveles inesperados de acceso a algunas exportaciones de NFS."
}
],
"id": "CVE-2017-4979",
"lastModified": "2025-04-20T01:37:25.860",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "HIGH",
"accessVector": "NETWORK",
"authentication": "SINGLE",
"availabilityImpact": "PARTIAL",
"baseScore": 4.6,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:H/Au:S/C:P/I:P/A:P",
"version": "2.0"
},
"exploitabilityScore": 3.9,
"impactScore": 6.4,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": true
}
],
"cvssMetricV30": [
{
"cvssData": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.1,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.0/AV:N/AC:H/PR:L/UI:R/S:U/C:H/I:H/A:H",
"version": "3.0"
},
"exploitabilityScore": 1.2,
"impactScore": 5.9,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2017-05-19T15:29:00.257",
"references": [
{
"source": "security_alert@emc.com",
"tags": [
"Mitigation",
"Third Party Advisory",
"VDB Entry"
],
"url": "http://www.securityfocus.com/archive/1/540551/30/0/threaded"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Mitigation",
"Third Party Advisory",
"VDB Entry"
],
"url": "http://www.securityfocus.com/archive/1/540551/30/0/threaded"
}
],
"sourceIdentifier": "security_alert@emc.com",
"vulnStatus": "Deferred",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "NVD-CWE-noinfo"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2016-06-04 01:59
Modified
2025-04-12 10:46
Severity ?
Summary
EMC Isilon OneFS 7.1.x before 7.1.1.9 and 7.2.x before 7.2.1.2 allows local users to obtain root shell access by leveraging administrative privileges.
References
| ▶ | URL | Tags | |
|---|---|---|---|
| security_alert@emc.com | http://seclists.org/bugtraq/2016/Jun/13 | Third Party Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | http://seclists.org/bugtraq/2016/Jun/13 | Third Party Advisory |
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| emc | isilon_onefs | 7.1.0.0 | |
| emc | isilon_onefs | 7.1.0.1 | |
| emc | isilon_onefs | 7.1.0.2 | |
| emc | isilon_onefs | 7.1.0.3 | |
| emc | isilon_onefs | 7.1.0.4 | |
| emc | isilon_onefs | 7.1.0.5 | |
| emc | isilon_onefs | 7.1.0.6 | |
| emc | isilon_onefs | 7.1.1.0 | |
| emc | isilon_onefs | 7.1.1.1 | |
| emc | isilon_onefs | 7.1.1.2 | |
| emc | isilon_onefs | 7.1.1.3 | |
| emc | isilon_onefs | 7.1.1.4 | |
| emc | isilon_onefs | 7.1.1.5 | |
| emc | isilon_onefs | 7.1.1.6 | |
| emc | isilon_onefs | 7.1.1.7 | |
| emc | isilon_onefs | 7.1.1.8 | |
| emc | isilon_onefs | 7.2.0.0 | |
| emc | isilon_onefs | 7.2.0.1 | |
| emc | isilon_onefs | 7.2.0.2 | |
| emc | isilon_onefs | 7.2.0.3 | |
| emc | isilon_onefs | 7.2.0.4 | |
| emc | isilon_onefs | 7.2.0.5 | |
| emc | isilon_onefs | 7.2.1.0 | |
| emc | isilon_onefs | 7.2.1.1 |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:emc:isilon_onefs:7.1.0.0:*:*:*:*:*:*:*",
"matchCriteriaId": "2CD6F32C-BC12-455D-9C78-F6485C72582E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:emc:isilon_onefs:7.1.0.1:*:*:*:*:*:*:*",
"matchCriteriaId": "6521D899-186D-4200-96A2-C8137D6D8975",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:emc:isilon_onefs:7.1.0.2:*:*:*:*:*:*:*",
"matchCriteriaId": "542839DF-EF0F-4B14-B56D-FBC0FE4D2787",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:emc:isilon_onefs:7.1.0.3:*:*:*:*:*:*:*",
"matchCriteriaId": "B78EA29B-CD7A-4C9D-9B0C-E6888BEC82C4",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:emc:isilon_onefs:7.1.0.4:*:*:*:*:*:*:*",
"matchCriteriaId": "A7A42792-B156-45D3-9A22-C45FFCF652DC",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:emc:isilon_onefs:7.1.0.5:*:*:*:*:*:*:*",
"matchCriteriaId": "E706E435-8E45-4ACB-8BBC-5AC458378D4A",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:emc:isilon_onefs:7.1.0.6:*:*:*:*:*:*:*",
"matchCriteriaId": "3FE2D48E-39E8-42E6-8E82-AB9FA0547BAC",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:emc:isilon_onefs:7.1.1.0:*:*:*:*:*:*:*",
"matchCriteriaId": "DEDB97FE-6470-4AFE-A3B0-B664F132A190",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:emc:isilon_onefs:7.1.1.1:*:*:*:*:*:*:*",
"matchCriteriaId": "A669BE6B-726F-4F34-A009-798E32FF6895",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:emc:isilon_onefs:7.1.1.2:*:*:*:*:*:*:*",
"matchCriteriaId": "4AE74624-A44D-4837-AD36-DBF3E93D5ED9",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:emc:isilon_onefs:7.1.1.3:*:*:*:*:*:*:*",
"matchCriteriaId": "47CBA2E5-6E46-4922-B56B-3F8C578074B1",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:emc:isilon_onefs:7.1.1.4:*:*:*:*:*:*:*",
"matchCriteriaId": "90C22C93-9069-406E-9A14-03F20AD34D11",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:emc:isilon_onefs:7.1.1.5:*:*:*:*:*:*:*",
"matchCriteriaId": "CDD30754-489E-42BA-8B51-1FEB5DC30912",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:emc:isilon_onefs:7.1.1.6:*:*:*:*:*:*:*",
"matchCriteriaId": "D92501AC-0588-4051-9568-52074E8A2D33",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:emc:isilon_onefs:7.1.1.7:*:*:*:*:*:*:*",
"matchCriteriaId": "F7407DAA-7740-45B0-BA99-03794C8B1215",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:emc:isilon_onefs:7.1.1.8:*:*:*:*:*:*:*",
"matchCriteriaId": "F7E804DB-40F0-4FBF-8A85-A49767DC4022",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:emc:isilon_onefs:7.2.0.0:*:*:*:*:*:*:*",
"matchCriteriaId": "0E8AF3E1-FE57-40B9-95DD-4E4C8EB578CB",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:emc:isilon_onefs:7.2.0.1:*:*:*:*:*:*:*",
"matchCriteriaId": "7F551F88-3176-4E92-AE7A-FCAB3A220A45",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:emc:isilon_onefs:7.2.0.2:*:*:*:*:*:*:*",
"matchCriteriaId": "26144325-6722-48C1-A0C2-BB78EF9BDE60",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:emc:isilon_onefs:7.2.0.3:*:*:*:*:*:*:*",
"matchCriteriaId": "B87E8EEE-42AA-48B3-ABBE-9CE7FD2C275B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:emc:isilon_onefs:7.2.0.4:*:*:*:*:*:*:*",
"matchCriteriaId": "6F09B14D-2C84-47F2-8F7F-6F8DAEFFF106",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:emc:isilon_onefs:7.2.0.5:*:*:*:*:*:*:*",
"matchCriteriaId": "5F6E200D-49D6-492C-8B38-CBED90CA8118",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:emc:isilon_onefs:7.2.1.0:*:*:*:*:*:*:*",
"matchCriteriaId": "10B1B998-AEEE-4123-82F3-72D84EF681DC",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:emc:isilon_onefs:7.2.1.1:*:*:*:*:*:*:*",
"matchCriteriaId": "0828B061-28B4-4AEE-BBB9-AF287B90713C",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "EMC Isilon OneFS 7.1.x before 7.1.1.9 and 7.2.x before 7.2.1.2 allows local users to obtain root shell access by leveraging administrative privileges."
},
{
"lang": "es",
"value": "EMC Isilon OneFS 7.1.x en versiones anteriores a 7.1.1.9 y 7.2.x en versiones anteriores a 7.2.1.2 permite a usuarios locales obtener acceso root al shell aprovechando privilegios administrativos."
}
],
"id": "CVE-2016-0908",
"lastModified": "2025-04-12T10:46:40.837",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": true,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "LOCAL",
"authentication": "SINGLE",
"availabilityImpact": "COMPLETE",
"baseScore": 6.8,
"confidentialityImpact": "COMPLETE",
"integrityImpact": "COMPLETE",
"vectorString": "AV:L/AC:L/Au:S/C:C/I:C/A:C",
"version": "2.0"
},
"exploitabilityScore": 3.1,
"impactScore": 10.0,
"obtainAllPrivilege": true,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
],
"cvssMetricV30": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 6.7,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "HIGH",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H",
"version": "3.0"
},
"exploitabilityScore": 0.8,
"impactScore": 5.9,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2016-06-04T01:59:01.597",
"references": [
{
"source": "security_alert@emc.com",
"tags": [
"Third Party Advisory"
],
"url": "http://seclists.org/bugtraq/2016/Jun/13"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "http://seclists.org/bugtraq/2016/Jun/13"
}
],
"sourceIdentifier": "security_alert@emc.com",
"vulnStatus": "Deferred",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-264"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2017-12-20 23:29
Modified
2025-04-20 01:37
Severity ?
Summary
The NFS service in EMC Isilon OneFS 8.1.0.0, 8.0.1.0 - 8.0.1.1, and 8.0.0.0 - 8.0.0.4 maintains default NFS export settings (including the NFS export security flavor for authentication) that can be leveraged by current and future NFS exports. This NFS service contained a flaw that did not properly propagate changes made to the default security flavor to all new and existing NFS exports that are configured to use default NFS export settings and that are mounted after those changes are made. This flaw may potentially allow NFS clients to access affected NFS exports using the default and potentially weaker security flavor even if a more secure one was selected to be used by the OneFS administrator, aka an "NFS Export Security Setting Fallback Vulnerability."
References
| ▶ | URL | Tags | |
|---|---|---|---|
| security_alert@emc.com | http://seclists.org/fulldisclosure/2017/Dec/78 | Issue Tracking, Mailing List, Third Party Advisory | |
| security_alert@emc.com | http://www.securityfocus.com/bid/102292 | Third Party Advisory, VDB Entry | |
| af854a3a-2127-422b-91ae-364da2661108 | http://seclists.org/fulldisclosure/2017/Dec/78 | Issue Tracking, Mailing List, Third Party Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | http://www.securityfocus.com/bid/102292 | Third Party Advisory, VDB Entry |
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| emc | isilon_onefs | 8.0.0.0 | |
| emc | isilon_onefs | 8.0.0.1 | |
| emc | isilon_onefs | 8.0.0.2 | |
| emc | isilon_onefs | 8.0.0.3 | |
| emc | isilon_onefs | 8.0.0.4 | |
| emc | isilon_onefs | 8.0.1.0 | |
| emc | isilon_onefs | 8.0.1.1 | |
| emc | isilon_onefs | 8.1.0.0 |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:emc:isilon_onefs:8.0.0.0:*:*:*:*:*:*:*",
"matchCriteriaId": "AB53E775-7A57-41D2-A93D-5F96D72622D1",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:emc:isilon_onefs:8.0.0.1:*:*:*:*:*:*:*",
"matchCriteriaId": "A17F44A3-8C09-49EE-8545-51C57F36B801",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:emc:isilon_onefs:8.0.0.2:*:*:*:*:*:*:*",
"matchCriteriaId": "DCE2CA2E-BFAD-4D87-BAAA-DA63C88F38D5",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:emc:isilon_onefs:8.0.0.3:*:*:*:*:*:*:*",
"matchCriteriaId": "11DF0A4B-702E-4E6B-AD2D-086F76B6DBB2",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:emc:isilon_onefs:8.0.0.4:*:*:*:*:*:*:*",
"matchCriteriaId": "80042980-E2BB-49F0-A3DB-BE22ECF820C9",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:emc:isilon_onefs:8.0.1.0:*:*:*:*:*:*:*",
"matchCriteriaId": "F2B3BD02-4CA9-4D00-A5B5-F3EBB7DACDEF",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:emc:isilon_onefs:8.0.1.1:*:*:*:*:*:*:*",
"matchCriteriaId": "217B6DC1-07E4-4A1E-8867-85C258778E5B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:emc:isilon_onefs:8.1.0.0:*:*:*:*:*:*:*",
"matchCriteriaId": "847B0C10-6DCA-49FE-836C-F547B573A647",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "The NFS service in EMC Isilon OneFS 8.1.0.0, 8.0.1.0 - 8.0.1.1, and 8.0.0.0 - 8.0.0.4 maintains default NFS export settings (including the NFS export security flavor for authentication) that can be leveraged by current and future NFS exports. This NFS service contained a flaw that did not properly propagate changes made to the default security flavor to all new and existing NFS exports that are configured to use default NFS export settings and that are mounted after those changes are made. This flaw may potentially allow NFS clients to access affected NFS exports using the default and potentially weaker security flavor even if a more secure one was selected to be used by the OneFS administrator, aka an \"NFS Export Security Setting Fallback Vulnerability.\""
},
{
"lang": "es",
"value": "El servicio NFS en EMC Isilon OneFS 8.1.0.0, 8.0.1.0 - 8.0.1.1 y 8.0.0.0 - 8.0.0.4 mantiene las opciones de exportaci\u00f3n NFS por defecto (incluyendo la parte especifica de seguridad del \"NFS export\" para autenticaci\u00f3n) que puede aprovecharse para exportaciones NFS actuales y futuras. El servicio NFS conten\u00eda un error que no propagaba correctamente los cambios realizados en la parte espec\u00edfica de seguridad para todas las exportaciones NFS nuevas y existentes que est\u00e1n configuradas para emplear opciones de exportaci\u00f3n NFS por defecto y est\u00e1n montadas una vez se han realizado esos cambios. Este error podr\u00eda permitir que clientes NFS accedan a exportaciones NFS afectadas empleando la parte espec\u00edfica de seguridad por defecto y, potencialmente, m\u00e1s d\u00e9bil, incluso aunque se haya seleccionado una m\u00e1s segura para ser empleada por el administrador OneFS. Esto tambi\u00e9n se conoce como \"NFS Export Security Setting Fallback Vulnerability\"."
}
],
"id": "CVE-2017-14387",
"lastModified": "2025-04-20T01:37:25.860",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": true,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "NONE",
"baseScore": 6.4,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:N",
"version": "2.0"
},
"exploitabilityScore": 10.0,
"impactScore": 4.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
],
"cvssMetricV30": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 6.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N",
"version": "3.0"
},
"exploitabilityScore": 3.9,
"impactScore": 2.5,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2017-12-20T23:29:00.297",
"references": [
{
"source": "security_alert@emc.com",
"tags": [
"Issue Tracking",
"Mailing List",
"Third Party Advisory"
],
"url": "http://seclists.org/fulldisclosure/2017/Dec/78"
},
{
"source": "security_alert@emc.com",
"tags": [
"Third Party Advisory",
"VDB Entry"
],
"url": "http://www.securityfocus.com/bid/102292"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Issue Tracking",
"Mailing List",
"Third Party Advisory"
],
"url": "http://seclists.org/fulldisclosure/2017/Dec/78"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory",
"VDB Entry"
],
"url": "http://www.securityfocus.com/bid/102292"
}
],
"sourceIdentifier": "security_alert@emc.com",
"vulnStatus": "Deferred",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "NVD-CWE-noinfo"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2015-07-04 10:59
Modified
2025-04-12 10:46
Severity ?
Summary
The log-gather implementation in the web administration interface in EMC Isilon OneFS 6.5.x.x through 7.1.1.x before 7.1.1.5 and 7.2.0.x before 7.2.0.2 allows remote authenticated users to execute arbitrary commands with root privileges via unspecified vectors.
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| emc | isilon_onefs | * | |
| emc | isilon_onefs | 7.1.1.1 | |
| emc | isilon_onefs | 7.1.1.2 | |
| emc | isilon_onefs | 7.1.1.3 | |
| emc | isilon_onefs | 7.1.1.4 | |
| emc | isilon_onefs | 7.2.0.0 | |
| emc | isilon_onefs | 7.2.0.1 |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:emc:isilon_onefs:*:*:*:*:*:*:*:*",
"matchCriteriaId": "6DBE16CA-46F6-4E5C-B361-67074B1771F1",
"versionEndIncluding": "7.1.1.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:emc:isilon_onefs:7.1.1.1:*:*:*:*:*:*:*",
"matchCriteriaId": "A669BE6B-726F-4F34-A009-798E32FF6895",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:emc:isilon_onefs:7.1.1.2:*:*:*:*:*:*:*",
"matchCriteriaId": "4AE74624-A44D-4837-AD36-DBF3E93D5ED9",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:emc:isilon_onefs:7.1.1.3:*:*:*:*:*:*:*",
"matchCriteriaId": "47CBA2E5-6E46-4922-B56B-3F8C578074B1",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:emc:isilon_onefs:7.1.1.4:*:*:*:*:*:*:*",
"matchCriteriaId": "90C22C93-9069-406E-9A14-03F20AD34D11",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:emc:isilon_onefs:7.2.0.0:*:*:*:*:*:*:*",
"matchCriteriaId": "0E8AF3E1-FE57-40B9-95DD-4E4C8EB578CB",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:emc:isilon_onefs:7.2.0.1:*:*:*:*:*:*:*",
"matchCriteriaId": "7F551F88-3176-4E92-AE7A-FCAB3A220A45",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "The log-gather implementation in the web administration interface in EMC Isilon OneFS 6.5.x.x through 7.1.1.x before 7.1.1.5 and 7.2.0.x before 7.2.0.2 allows remote authenticated users to execute arbitrary commands with root privileges via unspecified vectors."
},
{
"lang": "es",
"value": "La implementaci\u00f3n log-gather en la interfaz de la administraci\u00f3n web en EMC Isilon OneFS 6.5.x.x hasta 7.1.1.x anterior a 7.1.1.5 y 7.2.0.x anterior a 7.2.0.2 permite a usuarios remotos autenticados ejecutar comandos arbitrarios con privilegios root a trav\u00e9s de vectores no especificados."
}
],
"id": "CVE-2015-4525",
"lastModified": "2025-04-12T10:46:40.837",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "HIGH",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "SINGLE",
"availabilityImpact": "COMPLETE",
"baseScore": 9.0,
"confidentialityImpact": "COMPLETE",
"integrityImpact": "COMPLETE",
"vectorString": "AV:N/AC:L/Au:S/C:C/I:C/A:C",
"version": "2.0"
},
"exploitabilityScore": 8.0,
"impactScore": 10.0,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
]
},
"published": "2015-07-04T10:59:03.153",
"references": [
{
"source": "security_alert@emc.com",
"url": "http://seclists.org/bugtraq/2015/Jul/11"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://seclists.org/bugtraq/2015/Jul/11"
}
],
"sourceIdentifier": "security_alert@emc.com",
"vulnStatus": "Deferred",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-77"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2018-09-18 21:29
Modified
2024-11-21 03:42
Severity ?
7.5 (High) - CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
7.5 (High) - CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
7.5 (High) - CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
Summary
Dell EMC Isilon OneFS versions 7.1.1.x, 7.2.1.x, 8.0.0.x, 8.0.1.x, 8.1.0.x and 8.1.x prior to 8.1.2 and Dell EMC IsilonSD Edge versions 8.0.0.x, 8.0.1.x, 8.1.0.x and 8.1.x prior to 8.1.2 contain a remote process crash vulnerability. An unauthenticated remote attacker may potentially exploit this vulnerability to crash the isi_drive_d process by sending specially crafted input data to the affected system. This process will then be restarted.
References
| ▶ | URL | Tags | |
|---|---|---|---|
| security_alert@emc.com | https://seclists.org/fulldisclosure/2018/Sep/19 | Mailing List, Third Party Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://seclists.org/fulldisclosure/2018/Sep/19 | Mailing List, Third Party Advisory |
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| emc | isilon_onefs | * | |
| emc | isilon_onefs | * | |
| emc | isilon_onefs | * | |
| emc | isilon_onefs | * | |
| emc | isilon_onefs | * | |
| emc | isilon_onefs | * | |
| emc | isilonsd_edge | * | |
| emc | isilonsd_edge | * | |
| emc | isilonsd_edge | * |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:emc:isilon_onefs:*:*:*:*:*:*:*:*",
"matchCriteriaId": "98C525FA-697D-4AF5-8A80-F0E4B1575E25",
"versionEndIncluding": "7.1.1.11",
"versionStartIncluding": "7.1.1.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:emc:isilon_onefs:*:*:*:*:*:*:*:*",
"matchCriteriaId": "8DF1F007-6FBD-4DB0-A56F-E26300F7AC01",
"versionEndIncluding": "7.2.1.6",
"versionStartIncluding": "7.2.1.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:emc:isilon_onefs:*:*:*:*:*:*:*:*",
"matchCriteriaId": "7FF9CA79-AE5A-4A3C-8CBA-2191980FF5F3",
"versionEndIncluding": "8.0.0.7",
"versionStartIncluding": "8.0.0.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:emc:isilon_onefs:*:*:*:*:*:*:*:*",
"matchCriteriaId": "0C8483F6-75D7-45A0-8B0D-70EE763377D7",
"versionEndIncluding": "8.0.1.2",
"versionStartIncluding": "8.0.1.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:emc:isilon_onefs:*:*:*:*:*:*:*:*",
"matchCriteriaId": "7BBD5515-4B05-4614-BEF4-58D123999337",
"versionEndIncluding": "8.1.0.4",
"versionStartIncluding": "8.1.0.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:emc:isilon_onefs:*:*:*:*:*:*:*:*",
"matchCriteriaId": "084B14F0-EA61-4DF0-8FA0-04DCB023DD30",
"versionEndIncluding": "8.1.2.0",
"versionStartIncluding": "8.1.1.0",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:emc:isilonsd_edge:*:*:*:*:*:*:*:*",
"matchCriteriaId": "EB115F03-CEDF-46F3-8E22-C5E09646AA77",
"versionEndIncluding": "8.0.0.7",
"versionStartIncluding": "8.0.0.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:emc:isilonsd_edge:*:*:*:*:*:*:*:*",
"matchCriteriaId": "FA731C5B-3B7B-4584-A296-84D71BD782D6",
"versionEndIncluding": "8.0.1.2",
"versionStartIncluding": "8.0.1.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:emc:isilonsd_edge:*:*:*:*:*:*:*:*",
"matchCriteriaId": "A5879393-387E-4096-9F15-8A5B3B4824CD",
"versionEndExcluding": "8.1.2.0",
"versionStartIncluding": "8.1.0.0",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Dell EMC Isilon OneFS versions 7.1.1.x, 7.2.1.x, 8.0.0.x, 8.0.1.x, 8.1.0.x and 8.1.x prior to 8.1.2 and Dell EMC IsilonSD Edge versions 8.0.0.x, 8.0.1.x, 8.1.0.x and 8.1.x prior to 8.1.2 contain a remote process crash vulnerability. An unauthenticated remote attacker may potentially exploit this vulnerability to crash the isi_drive_d process by sending specially crafted input data to the affected system. This process will then be restarted."
},
{
"lang": "es",
"value": "Dell EMC Isilon OneFS en versiones 7.1.1.x, 7.2.1.x, 8.0.0.x, 8.0.1.x, 8.1.0.x y 8.1.x anteriores a la 8.1.2; y Dell EMC IsilonSD Edge en versiones 8.0.0.x, 8.0.1.x, 8.1.0.x y 8.1.x anteriores a la 8.1.2 contienen una vulnerabilidad de cierre inesperado del proceso remoto. Un atacante remoto no autenticado podr\u00eda explotar esta vulnerabilidad para provocar el cierre inesperado del proceso isi_drive_d mediante el env\u00edo de datos de entrada especialmente manipulados al sistema afectado. El proceso se reiniciar\u00e1 posteriormente."
}
],
"id": "CVE-2018-11071",
"lastModified": "2024-11-21T03:42:37.277",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "PARTIAL",
"baseScore": 5.0,
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:P",
"version": "2.0"
},
"exploitabilityScore": 10.0,
"impactScore": 2.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
],
"cvssMetricV30": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.0"
},
"exploitabilityScore": 3.9,
"impactScore": 3.6,
"source": "security_alert@emc.com",
"type": "Secondary"
},
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.0"
},
"exploitabilityScore": 3.9,
"impactScore": 3.6,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2018-09-18T21:29:02.010",
"references": [
{
"source": "security_alert@emc.com",
"tags": [
"Mailing List",
"Third Party Advisory"
],
"url": "https://seclists.org/fulldisclosure/2018/Sep/19"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Mailing List",
"Third Party Advisory"
],
"url": "https://seclists.org/fulldisclosure/2018/Sep/19"
}
],
"sourceIdentifier": "security_alert@emc.com",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-20"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2017-01-23 07:59
Modified
2025-04-20 01:37
Severity ?
Summary
EMC Isilon OneFS 8.0.0.0, EMC Isilon OneFS 7.2.1.0 - 7.2.1.2, EMC Isilon OneFS 7.2.0.x, EMC Isilon OneFS 7.1.1.0 - 7.1.1.10, and EMC Isilon OneFS 7.1.0.x is affected by an LDAP injection vulnerability that could potentially be exploited by a malicious user to compromise the system.
References
| ▶ | URL | Tags | |
|---|---|---|---|
| security_alert@emc.com | http://www.securityfocus.com/archive/1/540020/30/0/threaded | Mitigation, Third Party Advisory, VDB Entry | |
| security_alert@emc.com | http://www.securityfocus.com/bid/95626 | ||
| af854a3a-2127-422b-91ae-364da2661108 | http://www.securityfocus.com/archive/1/540020/30/0/threaded | Mitigation, Third Party Advisory, VDB Entry | |
| af854a3a-2127-422b-91ae-364da2661108 | http://www.securityfocus.com/bid/95626 |
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| emc | isilon_onefs | 7.1.0.0 | |
| emc | isilon_onefs | 7.1.0.1 | |
| emc | isilon_onefs | 7.1.0.2 | |
| emc | isilon_onefs | 7.1.0.3 | |
| emc | isilon_onefs | 7.1.0.4 | |
| emc | isilon_onefs | 7.1.0.5 | |
| emc | isilon_onefs | 7.1.0.6 | |
| emc | isilon_onefs | 7.1.1.0 | |
| emc | isilon_onefs | 7.1.1.1 | |
| emc | isilon_onefs | 7.1.1.2 | |
| emc | isilon_onefs | 7.1.1.3 | |
| emc | isilon_onefs | 7.1.1.4 | |
| emc | isilon_onefs | 7.1.1.5 | |
| emc | isilon_onefs | 7.1.1.6 | |
| emc | isilon_onefs | 7.1.1.7 | |
| emc | isilon_onefs | 7.1.1.8 | |
| emc | isilon_onefs | 7.2.0.0 | |
| emc | isilon_onefs | 7.2.0.1 | |
| emc | isilon_onefs | 7.2.0.2 | |
| emc | isilon_onefs | 7.2.0.3 | |
| emc | isilon_onefs | 7.2.0.4 | |
| emc | isilon_onefs | 7.2.0.5 | |
| emc | isilon_onefs | 7.2.1.0 | |
| emc | isilon_onefs | 7.2.1.1 | |
| emc | isilon_onefs | 7.2.1.2 | |
| emc | isilon_onefs | 8.0.0.0 |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:emc:isilon_onefs:7.1.0.0:*:*:*:*:*:*:*",
"matchCriteriaId": "2CD6F32C-BC12-455D-9C78-F6485C72582E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:emc:isilon_onefs:7.1.0.1:*:*:*:*:*:*:*",
"matchCriteriaId": "6521D899-186D-4200-96A2-C8137D6D8975",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:emc:isilon_onefs:7.1.0.2:*:*:*:*:*:*:*",
"matchCriteriaId": "542839DF-EF0F-4B14-B56D-FBC0FE4D2787",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:emc:isilon_onefs:7.1.0.3:*:*:*:*:*:*:*",
"matchCriteriaId": "B78EA29B-CD7A-4C9D-9B0C-E6888BEC82C4",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:emc:isilon_onefs:7.1.0.4:*:*:*:*:*:*:*",
"matchCriteriaId": "A7A42792-B156-45D3-9A22-C45FFCF652DC",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:emc:isilon_onefs:7.1.0.5:*:*:*:*:*:*:*",
"matchCriteriaId": "E706E435-8E45-4ACB-8BBC-5AC458378D4A",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:emc:isilon_onefs:7.1.0.6:*:*:*:*:*:*:*",
"matchCriteriaId": "3FE2D48E-39E8-42E6-8E82-AB9FA0547BAC",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:emc:isilon_onefs:7.1.1.0:*:*:*:*:*:*:*",
"matchCriteriaId": "DEDB97FE-6470-4AFE-A3B0-B664F132A190",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:emc:isilon_onefs:7.1.1.1:*:*:*:*:*:*:*",
"matchCriteriaId": "A669BE6B-726F-4F34-A009-798E32FF6895",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:emc:isilon_onefs:7.1.1.2:*:*:*:*:*:*:*",
"matchCriteriaId": "4AE74624-A44D-4837-AD36-DBF3E93D5ED9",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:emc:isilon_onefs:7.1.1.3:*:*:*:*:*:*:*",
"matchCriteriaId": "47CBA2E5-6E46-4922-B56B-3F8C578074B1",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:emc:isilon_onefs:7.1.1.4:*:*:*:*:*:*:*",
"matchCriteriaId": "90C22C93-9069-406E-9A14-03F20AD34D11",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:emc:isilon_onefs:7.1.1.5:*:*:*:*:*:*:*",
"matchCriteriaId": "CDD30754-489E-42BA-8B51-1FEB5DC30912",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:emc:isilon_onefs:7.1.1.6:*:*:*:*:*:*:*",
"matchCriteriaId": "D92501AC-0588-4051-9568-52074E8A2D33",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:emc:isilon_onefs:7.1.1.7:*:*:*:*:*:*:*",
"matchCriteriaId": "F7407DAA-7740-45B0-BA99-03794C8B1215",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:emc:isilon_onefs:7.1.1.8:*:*:*:*:*:*:*",
"matchCriteriaId": "F7E804DB-40F0-4FBF-8A85-A49767DC4022",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:emc:isilon_onefs:7.2.0.0:*:*:*:*:*:*:*",
"matchCriteriaId": "0E8AF3E1-FE57-40B9-95DD-4E4C8EB578CB",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:emc:isilon_onefs:7.2.0.1:*:*:*:*:*:*:*",
"matchCriteriaId": "7F551F88-3176-4E92-AE7A-FCAB3A220A45",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:emc:isilon_onefs:7.2.0.2:*:*:*:*:*:*:*",
"matchCriteriaId": "26144325-6722-48C1-A0C2-BB78EF9BDE60",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:emc:isilon_onefs:7.2.0.3:*:*:*:*:*:*:*",
"matchCriteriaId": "B87E8EEE-42AA-48B3-ABBE-9CE7FD2C275B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:emc:isilon_onefs:7.2.0.4:*:*:*:*:*:*:*",
"matchCriteriaId": "6F09B14D-2C84-47F2-8F7F-6F8DAEFFF106",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:emc:isilon_onefs:7.2.0.5:*:*:*:*:*:*:*",
"matchCriteriaId": "5F6E200D-49D6-492C-8B38-CBED90CA8118",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:emc:isilon_onefs:7.2.1.0:*:*:*:*:*:*:*",
"matchCriteriaId": "10B1B998-AEEE-4123-82F3-72D84EF681DC",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:emc:isilon_onefs:7.2.1.1:*:*:*:*:*:*:*",
"matchCriteriaId": "0828B061-28B4-4AEE-BBB9-AF287B90713C",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:emc:isilon_onefs:7.2.1.2:*:*:*:*:*:*:*",
"matchCriteriaId": "064C487D-517E-4F7B-A182-5DF287477652",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:emc:isilon_onefs:8.0.0.0:*:*:*:*:*:*:*",
"matchCriteriaId": "AB53E775-7A57-41D2-A93D-5F96D72622D1",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "EMC Isilon OneFS 8.0.0.0, EMC Isilon OneFS 7.2.1.0 - 7.2.1.2, EMC Isilon OneFS 7.2.0.x, EMC Isilon OneFS 7.1.1.0 - 7.1.1.10, and EMC Isilon OneFS 7.1.0.x is affected by an LDAP injection vulnerability that could potentially be exploited by a malicious user to compromise the system."
},
{
"lang": "es",
"value": "EMC Isilon OneFS 8.0.0.0, EMC Isilon OneFS 7.2.1.0 - 7.2.1.2, EMC Isilon OneFS 7.2.0.x, EMC Isilon OneFS 7.1.1.0 - 7.1.1.10 y EMC Isilon OneFS 7.1.0.x est\u00e1 afectado por una vulnerabilidad de inyecci\u00f3n LDAP que podr\u00eda ser potencialmente explotable por un usuario malicioso para comprometer el sistema."
}
],
"id": "CVE-2016-9870",
"lastModified": "2025-04-20T01:37:25.860",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "HIGH",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "LOCAL",
"authentication": "NONE",
"availabilityImpact": "COMPLETE",
"baseScore": 7.2,
"confidentialityImpact": "COMPLETE",
"integrityImpact": "COMPLETE",
"vectorString": "AV:L/AC:L/Au:N/C:C/I:C/A:C",
"version": "2.0"
},
"exploitabilityScore": 3.9,
"impactScore": 10.0,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
],
"cvssMetricV30": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 6.7,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "HIGH",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H",
"version": "3.0"
},
"exploitabilityScore": 0.8,
"impactScore": 5.9,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2017-01-23T07:59:00.470",
"references": [
{
"source": "security_alert@emc.com",
"tags": [
"Mitigation",
"Third Party Advisory",
"VDB Entry"
],
"url": "http://www.securityfocus.com/archive/1/540020/30/0/threaded"
},
{
"source": "security_alert@emc.com",
"url": "http://www.securityfocus.com/bid/95626"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Mitigation",
"Third Party Advisory",
"VDB Entry"
],
"url": "http://www.securityfocus.com/archive/1/540020/30/0/threaded"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.securityfocus.com/bid/95626"
}
],
"sourceIdentifier": "security_alert@emc.com",
"vulnStatus": "Deferred",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-90"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2016-05-30 01:59
Modified
2025-04-12 10:46
Severity ?
Summary
EMC Isilon OneFS 7.1.x and 7.2.x before 7.2.1.3 and 8.0.x before 8.0.0.1, and IsilonSD Edge OneFS 8.0.x before 8.0.0.1, does not require SMB signing within a DCERPC session over ncacn_np, which allows man-in-the-middle attackers to spoof SMB clients by modifying the client-server data stream, a similar issue to CVE-2016-2115.
References
| ▶ | URL | Tags | |
|---|---|---|---|
| security_alert@emc.com | http://seclists.org/bugtraq/2016/May/117 | Third Party Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | http://seclists.org/bugtraq/2016/May/117 | Third Party Advisory |
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| emc | isilon_onefs | 7.1.0.0 | |
| emc | isilon_onefs | 7.1.0.1 | |
| emc | isilon_onefs | 7.1.0.2 | |
| emc | isilon_onefs | 7.1.0.3 | |
| emc | isilon_onefs | 7.1.0.4 | |
| emc | isilon_onefs | 7.1.0.5 | |
| emc | isilon_onefs | 7.1.0.6 | |
| emc | isilon_onefs | 7.1.1.0 | |
| emc | isilon_onefs | 7.1.1.1 | |
| emc | isilon_onefs | 7.1.1.2 | |
| emc | isilon_onefs | 7.1.1.3 | |
| emc | isilon_onefs | 7.1.1.4 | |
| emc | isilon_onefs | 7.1.1.5 | |
| emc | isilon_onefs | 7.1.1.6 | |
| emc | isilon_onefs | 7.1.1.7 | |
| emc | isilon_onefs | 7.1.1.8 | |
| emc | isilon_onefs | 7.1.1.9 | |
| emc | isilon_onefs | 7.2.0.0 | |
| emc | isilon_onefs | 7.2.1.0 | |
| emc | isilon_onefs | 7.2.1.1 | |
| emc | isilon_onefs | 7.2.1.2 | |
| emc | isilon_onefs | 8.0.0.0 | |
| emc | isilonsd_edge_onefs | 8.0.0.0 |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:emc:isilon_onefs:7.1.0.0:*:*:*:*:*:*:*",
"matchCriteriaId": "2CD6F32C-BC12-455D-9C78-F6485C72582E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:emc:isilon_onefs:7.1.0.1:*:*:*:*:*:*:*",
"matchCriteriaId": "6521D899-186D-4200-96A2-C8137D6D8975",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:emc:isilon_onefs:7.1.0.2:*:*:*:*:*:*:*",
"matchCriteriaId": "542839DF-EF0F-4B14-B56D-FBC0FE4D2787",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:emc:isilon_onefs:7.1.0.3:*:*:*:*:*:*:*",
"matchCriteriaId": "B78EA29B-CD7A-4C9D-9B0C-E6888BEC82C4",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:emc:isilon_onefs:7.1.0.4:*:*:*:*:*:*:*",
"matchCriteriaId": "A7A42792-B156-45D3-9A22-C45FFCF652DC",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:emc:isilon_onefs:7.1.0.5:*:*:*:*:*:*:*",
"matchCriteriaId": "E706E435-8E45-4ACB-8BBC-5AC458378D4A",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:emc:isilon_onefs:7.1.0.6:*:*:*:*:*:*:*",
"matchCriteriaId": "3FE2D48E-39E8-42E6-8E82-AB9FA0547BAC",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:emc:isilon_onefs:7.1.1.0:*:*:*:*:*:*:*",
"matchCriteriaId": "DEDB97FE-6470-4AFE-A3B0-B664F132A190",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:emc:isilon_onefs:7.1.1.1:*:*:*:*:*:*:*",
"matchCriteriaId": "A669BE6B-726F-4F34-A009-798E32FF6895",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:emc:isilon_onefs:7.1.1.2:*:*:*:*:*:*:*",
"matchCriteriaId": "4AE74624-A44D-4837-AD36-DBF3E93D5ED9",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:emc:isilon_onefs:7.1.1.3:*:*:*:*:*:*:*",
"matchCriteriaId": "47CBA2E5-6E46-4922-B56B-3F8C578074B1",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:emc:isilon_onefs:7.1.1.4:*:*:*:*:*:*:*",
"matchCriteriaId": "90C22C93-9069-406E-9A14-03F20AD34D11",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:emc:isilon_onefs:7.1.1.5:*:*:*:*:*:*:*",
"matchCriteriaId": "CDD30754-489E-42BA-8B51-1FEB5DC30912",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:emc:isilon_onefs:7.1.1.6:*:*:*:*:*:*:*",
"matchCriteriaId": "D92501AC-0588-4051-9568-52074E8A2D33",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:emc:isilon_onefs:7.1.1.7:*:*:*:*:*:*:*",
"matchCriteriaId": "F7407DAA-7740-45B0-BA99-03794C8B1215",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:emc:isilon_onefs:7.1.1.8:*:*:*:*:*:*:*",
"matchCriteriaId": "F7E804DB-40F0-4FBF-8A85-A49767DC4022",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:emc:isilon_onefs:7.1.1.9:*:*:*:*:*:*:*",
"matchCriteriaId": "D645B5EF-4333-48BF-960A-03AA2D624376",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:emc:isilon_onefs:7.2.0.0:*:*:*:*:*:*:*",
"matchCriteriaId": "0E8AF3E1-FE57-40B9-95DD-4E4C8EB578CB",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:emc:isilon_onefs:7.2.1.0:*:*:*:*:*:*:*",
"matchCriteriaId": "10B1B998-AEEE-4123-82F3-72D84EF681DC",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:emc:isilon_onefs:7.2.1.1:*:*:*:*:*:*:*",
"matchCriteriaId": "0828B061-28B4-4AEE-BBB9-AF287B90713C",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:emc:isilon_onefs:7.2.1.2:*:*:*:*:*:*:*",
"matchCriteriaId": "064C487D-517E-4F7B-A182-5DF287477652",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:emc:isilon_onefs:8.0.0.0:*:*:*:*:*:*:*",
"matchCriteriaId": "AB53E775-7A57-41D2-A93D-5F96D72622D1",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:emc:isilonsd_edge_onefs:8.0.0.0:*:*:*:*:*:*:*",
"matchCriteriaId": "65394CAB-1CF8-4500-9013-A0B932ED703C",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "EMC Isilon OneFS 7.1.x and 7.2.x before 7.2.1.3 and 8.0.x before 8.0.0.1, and IsilonSD Edge OneFS 8.0.x before 8.0.0.1, does not require SMB signing within a DCERPC session over ncacn_np, which allows man-in-the-middle attackers to spoof SMB clients by modifying the client-server data stream, a similar issue to CVE-2016-2115."
},
{
"lang": "es",
"value": "EMC Isilon OneFS 7.1.x y 7.2.x en versiones anteriores a 7.2.1.3 y 8.0.x en versiones anteriores a 8.0.0.1 e IsilonSD Edge OneFS 8.0.x en versiones anteriores a 8.0.0.1, no requiere la firma SMB dentro de una sesi\u00f3n DCERPC sobre ncacn_np, lo que permite a atacantes man-in-the-middle suplantar clientes SMB mediante la modificaci\u00f3n del flujo de datos cliente-servidor, un problema similar a CVE-2016-2115."
}
],
"id": "CVE-2016-0907",
"lastModified": "2025-04-12T10:46:40.837",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "NONE",
"baseScore": 4.3,
"confidentialityImpact": "NONE",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:M/Au:N/C:N/I:P/A:N",
"version": "2.0"
},
"exploitabilityScore": 8.6,
"impactScore": 2.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
],
"cvssMetricV30": [
{
"cvssData": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 5.9,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N",
"version": "3.0"
},
"exploitabilityScore": 2.2,
"impactScore": 3.6,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2016-05-30T01:59:00.237",
"references": [
{
"source": "security_alert@emc.com",
"tags": [
"Third Party Advisory"
],
"url": "http://seclists.org/bugtraq/2016/May/117"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "http://seclists.org/bugtraq/2016/May/117"
}
],
"sourceIdentifier": "security_alert@emc.com",
"vulnStatus": "Deferred",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-254"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2017-06-21 20:29
Modified
2025-04-20 01:37
Severity ?
Summary
EMC Isilon OneFS 8.0.1.0, 8.0.0 - 8.0.0.3, 7.2.0 - 7.2.1.4, 7.1.x is affected by a privilege escalation vulnerability that could potentially be exploited by attackers to compromise the affected system.
References
| ▶ | URL | Tags | |
|---|---|---|---|
| security_alert@emc.com | http://www.securityfocus.com/archive/1/540755/30/0/threaded | Third Party Advisory, VDB Entry | |
| security_alert@emc.com | http://www.securityfocus.com/bid/99165 | Third Party Advisory, VDB Entry | |
| af854a3a-2127-422b-91ae-364da2661108 | http://www.securityfocus.com/archive/1/540755/30/0/threaded | Third Party Advisory, VDB Entry | |
| af854a3a-2127-422b-91ae-364da2661108 | http://www.securityfocus.com/bid/99165 | Third Party Advisory, VDB Entry |
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| emc | isilon_onefs | 7.1.0.0 | |
| emc | isilon_onefs | 7.1.0.5 | |
| emc | isilon_onefs | 7.1.0.6 | |
| emc | isilon_onefs | 7.1.1.0 | |
| emc | isilon_onefs | 7.1.1.1 | |
| emc | isilon_onefs | 7.1.1.2 | |
| emc | isilon_onefs | 7.1.1.3 | |
| emc | isilon_onefs | 7.1.1.4 | |
| emc | isilon_onefs | 7.1.1.5 | |
| emc | isilon_onefs | 7.1.1.6 | |
| emc | isilon_onefs | 7.1.1.7 | |
| emc | isilon_onefs | 7.1.1.8 | |
| emc | isilon_onefs | 7.1.1.9 | |
| emc | isilon_onefs | 7.1.1.10 | |
| emc | isilon_onefs | 7.1.1.11 | |
| emc | isilon_onefs | 7.2.0.0 | |
| emc | isilon_onefs | 7.2.0.1 | |
| emc | isilon_onefs | 7.2.0.2 | |
| emc | isilon_onefs | 7.2.0.3 | |
| emc | isilon_onefs | 7.2.0.4 | |
| emc | isilon_onefs | 7.2.1.0 | |
| emc | isilon_onefs | 7.2.1.1 | |
| emc | isilon_onefs | 7.2.1.2 | |
| emc | isilon_onefs | 7.2.1.3 | |
| emc | isilon_onefs | 7.2.1.4 | |
| emc | isilon_onefs | 8.0.0.0 | |
| emc | isilon_onefs | 8.0.0.1 | |
| emc | isilon_onefs | 8.0.0.2 | |
| emc | isilon_onefs | 8.0.0.3 | |
| emc | isilon_onefs | 8.0.1.0 |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:emc:isilon_onefs:7.1.0.0:*:*:*:*:*:*:*",
"matchCriteriaId": "2CD6F32C-BC12-455D-9C78-F6485C72582E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:emc:isilon_onefs:7.1.0.5:*:*:*:*:*:*:*",
"matchCriteriaId": "E706E435-8E45-4ACB-8BBC-5AC458378D4A",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:emc:isilon_onefs:7.1.0.6:*:*:*:*:*:*:*",
"matchCriteriaId": "3FE2D48E-39E8-42E6-8E82-AB9FA0547BAC",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:emc:isilon_onefs:7.1.1.0:*:*:*:*:*:*:*",
"matchCriteriaId": "DEDB97FE-6470-4AFE-A3B0-B664F132A190",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:emc:isilon_onefs:7.1.1.1:*:*:*:*:*:*:*",
"matchCriteriaId": "A669BE6B-726F-4F34-A009-798E32FF6895",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:emc:isilon_onefs:7.1.1.2:*:*:*:*:*:*:*",
"matchCriteriaId": "4AE74624-A44D-4837-AD36-DBF3E93D5ED9",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:emc:isilon_onefs:7.1.1.3:*:*:*:*:*:*:*",
"matchCriteriaId": "47CBA2E5-6E46-4922-B56B-3F8C578074B1",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:emc:isilon_onefs:7.1.1.4:*:*:*:*:*:*:*",
"matchCriteriaId": "90C22C93-9069-406E-9A14-03F20AD34D11",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:emc:isilon_onefs:7.1.1.5:*:*:*:*:*:*:*",
"matchCriteriaId": "CDD30754-489E-42BA-8B51-1FEB5DC30912",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:emc:isilon_onefs:7.1.1.6:*:*:*:*:*:*:*",
"matchCriteriaId": "D92501AC-0588-4051-9568-52074E8A2D33",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:emc:isilon_onefs:7.1.1.7:*:*:*:*:*:*:*",
"matchCriteriaId": "F7407DAA-7740-45B0-BA99-03794C8B1215",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:emc:isilon_onefs:7.1.1.8:*:*:*:*:*:*:*",
"matchCriteriaId": "F7E804DB-40F0-4FBF-8A85-A49767DC4022",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:emc:isilon_onefs:7.1.1.9:*:*:*:*:*:*:*",
"matchCriteriaId": "D645B5EF-4333-48BF-960A-03AA2D624376",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:emc:isilon_onefs:7.1.1.10:*:*:*:*:*:*:*",
"matchCriteriaId": "302422CE-3C0A-44E6-83ED-51EC65482B40",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:emc:isilon_onefs:7.1.1.11:*:*:*:*:*:*:*",
"matchCriteriaId": "81B96819-9F4D-44D4-9645-48EB8E705121",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:emc:isilon_onefs:7.2.0.0:*:*:*:*:*:*:*",
"matchCriteriaId": "0E8AF3E1-FE57-40B9-95DD-4E4C8EB578CB",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:emc:isilon_onefs:7.2.0.1:*:*:*:*:*:*:*",
"matchCriteriaId": "7F551F88-3176-4E92-AE7A-FCAB3A220A45",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:emc:isilon_onefs:7.2.0.2:*:*:*:*:*:*:*",
"matchCriteriaId": "26144325-6722-48C1-A0C2-BB78EF9BDE60",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:emc:isilon_onefs:7.2.0.3:*:*:*:*:*:*:*",
"matchCriteriaId": "B87E8EEE-42AA-48B3-ABBE-9CE7FD2C275B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:emc:isilon_onefs:7.2.0.4:*:*:*:*:*:*:*",
"matchCriteriaId": "6F09B14D-2C84-47F2-8F7F-6F8DAEFFF106",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:emc:isilon_onefs:7.2.1.0:*:*:*:*:*:*:*",
"matchCriteriaId": "10B1B998-AEEE-4123-82F3-72D84EF681DC",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:emc:isilon_onefs:7.2.1.1:*:*:*:*:*:*:*",
"matchCriteriaId": "0828B061-28B4-4AEE-BBB9-AF287B90713C",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:emc:isilon_onefs:7.2.1.2:*:*:*:*:*:*:*",
"matchCriteriaId": "064C487D-517E-4F7B-A182-5DF287477652",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:emc:isilon_onefs:7.2.1.3:*:*:*:*:*:*:*",
"matchCriteriaId": "D1600B1F-C307-457B-BC84-73339A64DF8D",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:emc:isilon_onefs:7.2.1.4:*:*:*:*:*:*:*",
"matchCriteriaId": "CE2687A1-97EC-4777-9CC1-164D525C56E5",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:emc:isilon_onefs:8.0.0.0:*:*:*:*:*:*:*",
"matchCriteriaId": "AB53E775-7A57-41D2-A93D-5F96D72622D1",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:emc:isilon_onefs:8.0.0.1:*:*:*:*:*:*:*",
"matchCriteriaId": "A17F44A3-8C09-49EE-8545-51C57F36B801",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:emc:isilon_onefs:8.0.0.2:*:*:*:*:*:*:*",
"matchCriteriaId": "DCE2CA2E-BFAD-4D87-BAAA-DA63C88F38D5",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:emc:isilon_onefs:8.0.0.3:*:*:*:*:*:*:*",
"matchCriteriaId": "11DF0A4B-702E-4E6B-AD2D-086F76B6DBB2",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:emc:isilon_onefs:8.0.1.0:*:*:*:*:*:*:*",
"matchCriteriaId": "F2B3BD02-4CA9-4D00-A5B5-F3EBB7DACDEF",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "EMC Isilon OneFS 8.0.1.0, 8.0.0 - 8.0.0.3, 7.2.0 - 7.2.1.4, 7.1.x is affected by a privilege escalation vulnerability that could potentially be exploited by attackers to compromise the affected system."
},
{
"lang": "es",
"value": "EMC Isilon OneFS en versiones 8.0.1.0, 8.0.0 - 8.0.0.3, 7.2.0 - 7.2.1.4 y 7.1.x se ha visto afectado por una vulnerabilidad de escalado de privilegios que podr\u00eda ser explotada por atacantes para comprometer el sistema afectado."
}
],
"id": "CVE-2017-4988",
"lastModified": "2025-04-20T01:37:25.860",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "HIGH",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "SINGLE",
"availabilityImpact": "COMPLETE",
"baseScore": 9.0,
"confidentialityImpact": "COMPLETE",
"integrityImpact": "COMPLETE",
"vectorString": "AV:N/AC:L/Au:S/C:C/I:C/A:C",
"version": "2.0"
},
"exploitabilityScore": 8.0,
"impactScore": 10.0,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
],
"cvssMetricV30": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.2,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "HIGH",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H",
"version": "3.0"
},
"exploitabilityScore": 1.2,
"impactScore": 5.9,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2017-06-21T20:29:00.283",
"references": [
{
"source": "security_alert@emc.com",
"tags": [
"Third Party Advisory",
"VDB Entry"
],
"url": "http://www.securityfocus.com/archive/1/540755/30/0/threaded"
},
{
"source": "security_alert@emc.com",
"tags": [
"Third Party Advisory",
"VDB Entry"
],
"url": "http://www.securityfocus.com/bid/99165"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory",
"VDB Entry"
],
"url": "http://www.securityfocus.com/archive/1/540755/30/0/threaded"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory",
"VDB Entry"
],
"url": "http://www.securityfocus.com/bid/99165"
}
],
"sourceIdentifier": "security_alert@emc.com",
"vulnStatus": "Deferred",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "NVD-CWE-noinfo"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2015-12-21 17:13
Modified
2025-04-12 10:46
Severity ?
Summary
EMC Isilon OneFS 7.1 before 7.1.1.8, 7.2.0 before 7.2.0.4, and 7.2.1 before 7.2.1.1 allows remote authenticated administrators to bypass a SmartLock root-login restriction by creating a root account and establishing a login session.
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| emc | isilon_onefs | * | |
| emc | isilon_onefs | 7.1.0.0 | |
| emc | isilon_onefs | 7.1.0.1 | |
| emc | isilon_onefs | 7.1.0.2 | |
| emc | isilon_onefs | 7.1.0.3 | |
| emc | isilon_onefs | 7.1.0.4 | |
| emc | isilon_onefs | 7.1.0.5 | |
| emc | isilon_onefs | 7.1.1.0 | |
| emc | isilon_onefs | 7.1.1.1 | |
| emc | isilon_onefs | 7.2.0.0 | |
| emc | isilon_onefs | 7.2.0.2 | |
| emc | isilon_onefs | 7.2.1.0 |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:emc:isilon_onefs:*:*:*:*:*:*:*:*",
"matchCriteriaId": "E8484289-9300-4DFF-9F46-162821E9F7CB",
"versionEndIncluding": "7.1.1.7",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:emc:isilon_onefs:7.1.0.0:*:*:*:*:*:*:*",
"matchCriteriaId": "2CD6F32C-BC12-455D-9C78-F6485C72582E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:emc:isilon_onefs:7.1.0.1:*:*:*:*:*:*:*",
"matchCriteriaId": "6521D899-186D-4200-96A2-C8137D6D8975",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:emc:isilon_onefs:7.1.0.2:*:*:*:*:*:*:*",
"matchCriteriaId": "542839DF-EF0F-4B14-B56D-FBC0FE4D2787",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:emc:isilon_onefs:7.1.0.3:*:*:*:*:*:*:*",
"matchCriteriaId": "B78EA29B-CD7A-4C9D-9B0C-E6888BEC82C4",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:emc:isilon_onefs:7.1.0.4:*:*:*:*:*:*:*",
"matchCriteriaId": "A7A42792-B156-45D3-9A22-C45FFCF652DC",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:emc:isilon_onefs:7.1.0.5:*:*:*:*:*:*:*",
"matchCriteriaId": "E706E435-8E45-4ACB-8BBC-5AC458378D4A",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:emc:isilon_onefs:7.1.1.0:*:*:*:*:*:*:*",
"matchCriteriaId": "DEDB97FE-6470-4AFE-A3B0-B664F132A190",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:emc:isilon_onefs:7.1.1.1:*:*:*:*:*:*:*",
"matchCriteriaId": "A669BE6B-726F-4F34-A009-798E32FF6895",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:emc:isilon_onefs:7.2.0.0:*:*:*:*:*:*:*",
"matchCriteriaId": "0E8AF3E1-FE57-40B9-95DD-4E4C8EB578CB",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:emc:isilon_onefs:7.2.0.2:*:*:*:*:*:*:*",
"matchCriteriaId": "26144325-6722-48C1-A0C2-BB78EF9BDE60",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:emc:isilon_onefs:7.2.1.0:*:*:*:*:*:*:*",
"matchCriteriaId": "10B1B998-AEEE-4123-82F3-72D84EF681DC",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "EMC Isilon OneFS 7.1 before 7.1.1.8, 7.2.0 before 7.2.0.4, and 7.2.1 before 7.2.1.1 allows remote authenticated administrators to bypass a SmartLock root-login restriction by creating a root account and establishing a login session."
},
{
"lang": "es",
"value": "EMC Isilon OneFS 7.1 en versiones anteriores a 7.1.1.8, 7.2.0 en versiones anteriores a 7.2.0.4 y 7.2.1 en versiones anteriores a 7.2.1.1 permite a administradores remotos autenticados eludir una restricci\u00f3n de inicio de sesi\u00f3n root mediante la creaci\u00f3n de una cuenta root y el establecimiento de una sesi\u00f3n de inicio de sesi\u00f3n."
}
],
"id": "CVE-2015-4545",
"lastModified": "2025-04-12T10:46:40.837",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "HIGH",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "SINGLE",
"availabilityImpact": "COMPLETE",
"baseScore": 9.0,
"confidentialityImpact": "COMPLETE",
"integrityImpact": "COMPLETE",
"vectorString": "AV:N/AC:L/Au:S/C:C/I:C/A:C",
"version": "2.0"
},
"exploitabilityScore": 8.0,
"impactScore": 10.0,
"obtainAllPrivilege": true,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary"
}
],
"cvssMetricV30": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 8.0,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H",
"version": "3.0"
},
"exploitabilityScore": 2.1,
"impactScore": 5.9,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2015-12-21T17:13:00.137",
"references": [
{
"source": "security_alert@emc.com",
"url": "http://seclists.org/bugtraq/2015/Dec/103"
},
{
"source": "security_alert@emc.com",
"url": "http://www.securityfocus.com/bid/79674"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://seclists.org/bugtraq/2015/Dec/103"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.securityfocus.com/bid/79674"
}
],
"sourceIdentifier": "security_alert@emc.com",
"vulnStatus": "Deferred",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-264"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2015-11-27 02:59
Modified
2025-04-12 10:46
Severity ?
Summary
EMC Isilon OneFS 7.1.x before 7.1.1.5, 7.2.0.x before 7.2.0.3, and 7.2.1.x before 7.2.1.1, when the RFC 2307 feature is configured but SFU is not universally present, allows remote authenticated AD users to obtain root privileges via unspecified vectors.
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| emc | isilon_onefs | * | |
| emc | isilon_onefs | 7.1.1.1 | |
| emc | isilon_onefs | 7.1.1.2 | |
| emc | isilon_onefs | 7.1.1.3 | |
| emc | isilon_onefs | 7.1.1.4 | |
| emc | isilon_onefs | 7.2.0.0 | |
| emc | isilon_onefs | 7.2.0.1 | |
| emc | isilon_onefs | 7.2.0.2 | |
| emc | isilon_onefs | 7.2.1.0 |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:emc:isilon_onefs:*:*:*:*:*:*:*:*",
"matchCriteriaId": "6DBE16CA-46F6-4E5C-B361-67074B1771F1",
"versionEndIncluding": "7.1.1.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:emc:isilon_onefs:7.1.1.1:*:*:*:*:*:*:*",
"matchCriteriaId": "A669BE6B-726F-4F34-A009-798E32FF6895",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:emc:isilon_onefs:7.1.1.2:*:*:*:*:*:*:*",
"matchCriteriaId": "4AE74624-A44D-4837-AD36-DBF3E93D5ED9",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:emc:isilon_onefs:7.1.1.3:*:*:*:*:*:*:*",
"matchCriteriaId": "47CBA2E5-6E46-4922-B56B-3F8C578074B1",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:emc:isilon_onefs:7.1.1.4:*:*:*:*:*:*:*",
"matchCriteriaId": "90C22C93-9069-406E-9A14-03F20AD34D11",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:emc:isilon_onefs:7.2.0.0:*:*:*:*:*:*:*",
"matchCriteriaId": "0E8AF3E1-FE57-40B9-95DD-4E4C8EB578CB",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:emc:isilon_onefs:7.2.0.1:*:*:*:*:*:*:*",
"matchCriteriaId": "7F551F88-3176-4E92-AE7A-FCAB3A220A45",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:emc:isilon_onefs:7.2.0.2:*:*:*:*:*:*:*",
"matchCriteriaId": "26144325-6722-48C1-A0C2-BB78EF9BDE60",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:emc:isilon_onefs:7.2.1.0:*:*:*:*:*:*:*",
"matchCriteriaId": "10B1B998-AEEE-4123-82F3-72D84EF681DC",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "EMC Isilon OneFS 7.1.x before 7.1.1.5, 7.2.0.x before 7.2.0.3, and 7.2.1.x before 7.2.1.1, when the RFC 2307 feature is configured but SFU is not universally present, allows remote authenticated AD users to obtain root privileges via unspecified vectors."
},
{
"lang": "es",
"value": "EMC Isilon OneFS 7.1.x en versiones anteriores a 7.1.1.5, 7.2.0.x en versiones anteriores a 7.2.0.3 y 7.2.1.x en versiones anteriores a 7.2.1.1, cuando la funcionalidad RFC 2307 es configurada pero SFU no est\u00e1 presente universalmente, permite a usuarios AD remotos autenticados obtener privilegios root a trav\u00e9s de vectores no especificados."
}
],
"id": "CVE-2015-6848",
"lastModified": "2025-04-12T10:46:40.837",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "HIGH",
"cvssData": {
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "SINGLE",
"availabilityImpact": "COMPLETE",
"baseScore": 8.5,
"confidentialityImpact": "COMPLETE",
"integrityImpact": "COMPLETE",
"vectorString": "AV:N/AC:M/Au:S/C:C/I:C/A:C",
"version": "2.0"
},
"exploitabilityScore": 6.8,
"impactScore": 10.0,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
]
},
"published": "2015-11-27T02:59:00.077",
"references": [
{
"source": "security_alert@emc.com",
"url": "http://seclists.org/bugtraq/2015/Nov/121"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://seclists.org/bugtraq/2015/Nov/121"
}
],
"sourceIdentifier": "security_alert@emc.com",
"vulnStatus": "Deferred",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-284"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2017-10-18 09:29
Modified
2025-04-20 01:37
Severity ?
Summary
EMC Isilon OneFS (versions prior to 8.1.0.1, versions prior to 8.0.1.2, versions prior to 8.0.0.6, version 7.2.1.x) is impacted by a reflected cross-site scripting vulnerability that may potentially be exploited by malicious users to compromise the affected system.
References
| ▶ | URL | Tags | |
|---|---|---|---|
| security_alert@emc.com | http://seclists.org/fulldisclosure/2017/Oct/34 | Mailing List, Patch, Third Party Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | http://seclists.org/fulldisclosure/2017/Oct/34 | Mailing List, Patch, Third Party Advisory |
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| emc | isilon_onefs | 7.2.1.0 | |
| emc | isilon_onefs | 7.2.1.1 | |
| emc | isilon_onefs | 7.2.1.2 | |
| emc | isilon_onefs | 7.2.1.3 | |
| emc | isilon_onefs | 7.2.1.4 | |
| emc | isilon_onefs | 7.2.1.5 | |
| emc | isilon_onefs | 7.2.1.6 | |
| emc | isilon_onefs | * | |
| emc | isilon_onefs | * | |
| emc | isilon_onefs | * |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:emc:isilon_onefs:7.2.1.0:*:*:*:*:*:*:*",
"matchCriteriaId": "10B1B998-AEEE-4123-82F3-72D84EF681DC",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:emc:isilon_onefs:7.2.1.1:*:*:*:*:*:*:*",
"matchCriteriaId": "0828B061-28B4-4AEE-BBB9-AF287B90713C",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:emc:isilon_onefs:7.2.1.2:*:*:*:*:*:*:*",
"matchCriteriaId": "064C487D-517E-4F7B-A182-5DF287477652",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:emc:isilon_onefs:7.2.1.3:*:*:*:*:*:*:*",
"matchCriteriaId": "D1600B1F-C307-457B-BC84-73339A64DF8D",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:emc:isilon_onefs:7.2.1.4:*:*:*:*:*:*:*",
"matchCriteriaId": "CE2687A1-97EC-4777-9CC1-164D525C56E5",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:emc:isilon_onefs:7.2.1.5:*:*:*:*:*:*:*",
"matchCriteriaId": "08C3C4C1-505B-4171-831B-7FD7EB34B45C",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:emc:isilon_onefs:7.2.1.6:*:*:*:*:*:*:*",
"matchCriteriaId": "EAE48C73-7CFE-454F-A4EF-0B12C49FD993",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:emc:isilon_onefs:*:*:*:*:*:*:*:*",
"matchCriteriaId": "356662DF-BE65-4CFD-9BE3-353BAC206693",
"versionEndIncluding": "8.1.0.0",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:emc:isilon_onefs:*:*:*:*:*:*:*:*",
"matchCriteriaId": "9A91B9F8-9096-49BB-BC41-358595C12EAA",
"versionEndIncluding": "8.0.0.5",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:emc:isilon_onefs:*:*:*:*:*:*:*:*",
"matchCriteriaId": "133E612C-59F3-4B4A-AD3F-74D179176A8F",
"versionEndIncluding": "8.0.1.1",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "EMC Isilon OneFS (versions prior to 8.1.0.1, versions prior to 8.0.1.2, versions prior to 8.0.0.6, version 7.2.1.x) is impacted by a reflected cross-site scripting vulnerability that may potentially be exploited by malicious users to compromise the affected system."
},
{
"lang": "es",
"value": "EMC Isilon OneFS (versiones anteriores a la 8.1.0.1, 8.0.1.2 y 8.0.0.6 y en versiones 7.2.1.x) se ha visto afectado por una vulnerabilidad de Cross-Site Scripting reflejado que podr\u00eda ser explotada por usuarios maliciosos para comprometer el sistema afectado."
}
],
"id": "CVE-2017-8024",
"lastModified": "2025-04-20T01:37:25.860",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "NONE",
"baseScore": 4.3,
"confidentialityImpact": "NONE",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:M/Au:N/C:N/I:P/A:N",
"version": "2.0"
},
"exploitabilityScore": 8.6,
"impactScore": 2.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": true
}
],
"cvssMetricV30": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 6.1,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "NONE",
"scope": "CHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N",
"version": "3.0"
},
"exploitabilityScore": 2.8,
"impactScore": 2.7,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2017-10-18T09:29:00.190",
"references": [
{
"source": "security_alert@emc.com",
"tags": [
"Mailing List",
"Patch",
"Third Party Advisory"
],
"url": "http://seclists.org/fulldisclosure/2017/Oct/34"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Mailing List",
"Patch",
"Third Party Advisory"
],
"url": "http://seclists.org/fulldisclosure/2017/Oct/34"
}
],
"sourceIdentifier": "security_alert@emc.com",
"vulnStatus": "Deferred",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-79"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2015-03-29 10:59
Modified
2025-04-12 10:46
Severity ?
Summary
The RPC daemon in EMC Isilon OneFS 6.5.x and 7.0.x before 7.0.2.13, 7.1.0 before 7.1.0.6, 7.1.1 before 7.1.1.2, and 7.2.0 before 7.2.0.1 allows local users to gain privileges by leveraging an ability to modify system files.
References
| ▶ | URL | Tags | |
|---|---|---|---|
| security_alert@emc.com | http://packetstormsecurity.com/files/131035/EMC-Isilon-OneFS-Privilege-Escalation.html | Third Party Advisory, VDB Entry | |
| security_alert@emc.com | http://seclists.org/bugtraq/2015/Mar/162 | Third Party Advisory, VDB Entry | |
| af854a3a-2127-422b-91ae-364da2661108 | http://packetstormsecurity.com/files/131035/EMC-Isilon-OneFS-Privilege-Escalation.html | Third Party Advisory, VDB Entry | |
| af854a3a-2127-422b-91ae-364da2661108 | http://seclists.org/bugtraq/2015/Mar/162 | Third Party Advisory, VDB Entry |
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| emc | isilon_onefs | * | |
| emc | isilon_onefs | 7.1.0.0 | |
| emc | isilon_onefs | 7.1.0.1 | |
| emc | isilon_onefs | 7.1.0.2 | |
| emc | isilon_onefs | 7.1.0.3 | |
| emc | isilon_onefs | 7.1.0.4 | |
| emc | isilon_onefs | 7.1.0.5 | |
| emc | isilon_onefs | 7.1.1.0 | |
| emc | isilon_onefs | 7.1.1.1 | |
| emc | isilon_onefs | 7.2.0.0 |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:emc:isilon_onefs:*:*:*:*:*:*:*:*",
"matchCriteriaId": "E3CBDEBE-5324-4146-BB97-ABFB38530A48",
"versionEndIncluding": "7.0.2.12",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:emc:isilon_onefs:7.1.0.0:*:*:*:*:*:*:*",
"matchCriteriaId": "2CD6F32C-BC12-455D-9C78-F6485C72582E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:emc:isilon_onefs:7.1.0.1:*:*:*:*:*:*:*",
"matchCriteriaId": "6521D899-186D-4200-96A2-C8137D6D8975",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:emc:isilon_onefs:7.1.0.2:*:*:*:*:*:*:*",
"matchCriteriaId": "542839DF-EF0F-4B14-B56D-FBC0FE4D2787",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:emc:isilon_onefs:7.1.0.3:*:*:*:*:*:*:*",
"matchCriteriaId": "B78EA29B-CD7A-4C9D-9B0C-E6888BEC82C4",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:emc:isilon_onefs:7.1.0.4:*:*:*:*:*:*:*",
"matchCriteriaId": "A7A42792-B156-45D3-9A22-C45FFCF652DC",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:emc:isilon_onefs:7.1.0.5:*:*:*:*:*:*:*",
"matchCriteriaId": "E706E435-8E45-4ACB-8BBC-5AC458378D4A",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:emc:isilon_onefs:7.1.1.0:*:*:*:*:*:*:*",
"matchCriteriaId": "DEDB97FE-6470-4AFE-A3B0-B664F132A190",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:emc:isilon_onefs:7.1.1.1:*:*:*:*:*:*:*",
"matchCriteriaId": "A669BE6B-726F-4F34-A009-798E32FF6895",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:emc:isilon_onefs:7.2.0.0:*:*:*:*:*:*:*",
"matchCriteriaId": "0E8AF3E1-FE57-40B9-95DD-4E4C8EB578CB",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "The RPC daemon in EMC Isilon OneFS 6.5.x and 7.0.x before 7.0.2.13, 7.1.0 before 7.1.0.6, 7.1.1 before 7.1.1.2, and 7.2.0 before 7.2.0.1 allows local users to gain privileges by leveraging an ability to modify system files."
},
{
"lang": "es",
"value": "El demonio RPC en EMC Isilon OneFS 6.5.x y 7.0.x anterior a 7.0.2.13, 7.1.0 anterior a 7.1.0.6, 7.1.1 anterior a 7.1.1.2, y 7.2.0 anterior a 7.2.0.1 permite a usuarios locales ganar privilegios mediante el aprovechamiento de una habilidad para modificar ficheros de"
}
],
"id": "CVE-2015-0528",
"lastModified": "2025-04-12T10:46:40.837",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "HIGH",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "LOCAL",
"authentication": "NONE",
"availabilityImpact": "COMPLETE",
"baseScore": 7.2,
"confidentialityImpact": "COMPLETE",
"integrityImpact": "COMPLETE",
"vectorString": "AV:L/AC:L/Au:N/C:C/I:C/A:C",
"version": "2.0"
},
"exploitabilityScore": 3.9,
"impactScore": 10.0,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
]
},
"published": "2015-03-29T10:59:04.243",
"references": [
{
"source": "security_alert@emc.com",
"tags": [
"Third Party Advisory",
"VDB Entry"
],
"url": "http://packetstormsecurity.com/files/131035/EMC-Isilon-OneFS-Privilege-Escalation.html"
},
{
"source": "security_alert@emc.com",
"tags": [
"Third Party Advisory",
"VDB Entry"
],
"url": "http://seclists.org/bugtraq/2015/Mar/162"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory",
"VDB Entry"
],
"url": "http://packetstormsecurity.com/files/131035/EMC-Isilon-OneFS-Privilege-Escalation.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory",
"VDB Entry"
],
"url": "http://seclists.org/bugtraq/2015/Mar/162"
}
],
"sourceIdentifier": "security_alert@emc.com",
"vulnStatus": "Deferred",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-264"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2017-02-03 07:59
Modified
2025-04-20 01:37
Severity ?
Summary
EMC Isilon OneFS 7.2.1.0 - 7.2.1.3, EMC Isilon OneFS 7.2.0.x, EMC Isilon OneFS 7.1.1.0 - 7.1.1.10, EMC Isilon OneFS 7.1.0.x is affected by a privilege escalation vulnerability that could potentially be exploited by attackers to compromise the affected system.
References
| ▶ | URL | Tags | |
|---|---|---|---|
| security_alert@emc.com | http://www.securityfocus.com/archive/1/540050/30/0/threaded | Mailing List, Third Party Advisory | |
| security_alert@emc.com | http://www.securityfocus.com/bid/95800 | Third Party Advisory, VDB Entry | |
| af854a3a-2127-422b-91ae-364da2661108 | http://www.securityfocus.com/archive/1/540050/30/0/threaded | Mailing List, Third Party Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | http://www.securityfocus.com/bid/95800 | Third Party Advisory, VDB Entry |
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| emc | isilon_onefs | 7.1.0.0 | |
| emc | isilon_onefs | 7.1.0.5 | |
| emc | isilon_onefs | 7.1.0.6 | |
| emc | isilon_onefs | 7.1.1.0 | |
| emc | isilon_onefs | 7.1.1.1 | |
| emc | isilon_onefs | 7.1.1.2 | |
| emc | isilon_onefs | 7.1.1.3 | |
| emc | isilon_onefs | 7.1.1.4 | |
| emc | isilon_onefs | 7.1.1.5 | |
| emc | isilon_onefs | 7.1.1.6 | |
| emc | isilon_onefs | 7.1.1.7 | |
| emc | isilon_onefs | 7.1.1.8 | |
| emc | isilon_onefs | 7.1.1.9 | |
| emc | isilon_onefs | 7.1.1.10 | |
| emc | isilon_onefs | 7.2.0.0 | |
| emc | isilon_onefs | 7.2.0.1 | |
| emc | isilon_onefs | 7.2.0.2 | |
| emc | isilon_onefs | 7.2.0.3 | |
| emc | isilon_onefs | 7.2.0.4 | |
| emc | isilon_onefs | 7.2.1.0 | |
| emc | isilon_onefs | 7.2.1.1 | |
| emc | isilon_onefs | 7.2.1.2 | |
| emc | isilon_onefs | 7.2.1.3 |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:emc:isilon_onefs:7.1.0.0:*:*:*:*:*:*:*",
"matchCriteriaId": "2CD6F32C-BC12-455D-9C78-F6485C72582E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:emc:isilon_onefs:7.1.0.5:*:*:*:*:*:*:*",
"matchCriteriaId": "E706E435-8E45-4ACB-8BBC-5AC458378D4A",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:emc:isilon_onefs:7.1.0.6:*:*:*:*:*:*:*",
"matchCriteriaId": "3FE2D48E-39E8-42E6-8E82-AB9FA0547BAC",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:emc:isilon_onefs:7.1.1.0:*:*:*:*:*:*:*",
"matchCriteriaId": "DEDB97FE-6470-4AFE-A3B0-B664F132A190",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:emc:isilon_onefs:7.1.1.1:*:*:*:*:*:*:*",
"matchCriteriaId": "A669BE6B-726F-4F34-A009-798E32FF6895",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:emc:isilon_onefs:7.1.1.2:*:*:*:*:*:*:*",
"matchCriteriaId": "4AE74624-A44D-4837-AD36-DBF3E93D5ED9",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:emc:isilon_onefs:7.1.1.3:*:*:*:*:*:*:*",
"matchCriteriaId": "47CBA2E5-6E46-4922-B56B-3F8C578074B1",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:emc:isilon_onefs:7.1.1.4:*:*:*:*:*:*:*",
"matchCriteriaId": "90C22C93-9069-406E-9A14-03F20AD34D11",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:emc:isilon_onefs:7.1.1.5:*:*:*:*:*:*:*",
"matchCriteriaId": "CDD30754-489E-42BA-8B51-1FEB5DC30912",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:emc:isilon_onefs:7.1.1.6:*:*:*:*:*:*:*",
"matchCriteriaId": "D92501AC-0588-4051-9568-52074E8A2D33",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:emc:isilon_onefs:7.1.1.7:*:*:*:*:*:*:*",
"matchCriteriaId": "F7407DAA-7740-45B0-BA99-03794C8B1215",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:emc:isilon_onefs:7.1.1.8:*:*:*:*:*:*:*",
"matchCriteriaId": "F7E804DB-40F0-4FBF-8A85-A49767DC4022",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:emc:isilon_onefs:7.1.1.9:*:*:*:*:*:*:*",
"matchCriteriaId": "D645B5EF-4333-48BF-960A-03AA2D624376",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:emc:isilon_onefs:7.1.1.10:*:*:*:*:*:*:*",
"matchCriteriaId": "302422CE-3C0A-44E6-83ED-51EC65482B40",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:emc:isilon_onefs:7.2.0.0:*:*:*:*:*:*:*",
"matchCriteriaId": "0E8AF3E1-FE57-40B9-95DD-4E4C8EB578CB",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:emc:isilon_onefs:7.2.0.1:*:*:*:*:*:*:*",
"matchCriteriaId": "7F551F88-3176-4E92-AE7A-FCAB3A220A45",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:emc:isilon_onefs:7.2.0.2:*:*:*:*:*:*:*",
"matchCriteriaId": "26144325-6722-48C1-A0C2-BB78EF9BDE60",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:emc:isilon_onefs:7.2.0.3:*:*:*:*:*:*:*",
"matchCriteriaId": "B87E8EEE-42AA-48B3-ABBE-9CE7FD2C275B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:emc:isilon_onefs:7.2.0.4:*:*:*:*:*:*:*",
"matchCriteriaId": "6F09B14D-2C84-47F2-8F7F-6F8DAEFFF106",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:emc:isilon_onefs:7.2.1.0:*:*:*:*:*:*:*",
"matchCriteriaId": "10B1B998-AEEE-4123-82F3-72D84EF681DC",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:emc:isilon_onefs:7.2.1.1:*:*:*:*:*:*:*",
"matchCriteriaId": "0828B061-28B4-4AEE-BBB9-AF287B90713C",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:emc:isilon_onefs:7.2.1.2:*:*:*:*:*:*:*",
"matchCriteriaId": "064C487D-517E-4F7B-A182-5DF287477652",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:emc:isilon_onefs:7.2.1.3:*:*:*:*:*:*:*",
"matchCriteriaId": "D1600B1F-C307-457B-BC84-73339A64DF8D",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "EMC Isilon OneFS 7.2.1.0 - 7.2.1.3, EMC Isilon OneFS 7.2.0.x, EMC Isilon OneFS 7.1.1.0 - 7.1.1.10, EMC Isilon OneFS 7.1.0.x is affected by a privilege escalation vulnerability that could potentially be exploited by attackers to compromise the affected system."
},
{
"lang": "es",
"value": "EMC Isilon OneFS 7.1.0.x, EMC Isilon OneFS 7.1.0.10, EMC Isilon OneFS 7.1.0.x se ve afectada por una vulnerabilidad de escalada de privilegios que podr\u00eda ser potencialmente explotada por los atacantes para comprometer el sistema afectado."
}
],
"id": "CVE-2016-9871",
"lastModified": "2025-04-20T01:37:25.860",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "HIGH",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "SINGLE",
"availabilityImpact": "COMPLETE",
"baseScore": 9.0,
"confidentialityImpact": "COMPLETE",
"integrityImpact": "COMPLETE",
"vectorString": "AV:N/AC:L/Au:S/C:C/I:C/A:C",
"version": "2.0"
},
"exploitabilityScore": 8.0,
"impactScore": 10.0,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
],
"cvssMetricV30": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.2,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "HIGH",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H",
"version": "3.0"
},
"exploitabilityScore": 1.2,
"impactScore": 5.9,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2017-02-03T07:59:00.467",
"references": [
{
"source": "security_alert@emc.com",
"tags": [
"Mailing List",
"Third Party Advisory"
],
"url": "http://www.securityfocus.com/archive/1/540050/30/0/threaded"
},
{
"source": "security_alert@emc.com",
"tags": [
"Third Party Advisory",
"VDB Entry"
],
"url": "http://www.securityfocus.com/bid/95800"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Mailing List",
"Third Party Advisory"
],
"url": "http://www.securityfocus.com/archive/1/540050/30/0/threaded"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory",
"VDB Entry"
],
"url": "http://www.securityfocus.com/bid/95800"
}
],
"sourceIdentifier": "security_alert@emc.com",
"vulnStatus": "Deferred",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-264"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}