CVE-2015-4525Command Injection in Isilon Onefs

CWE-77Command Injection3 documents3 sources
Severity
9.0CRITICALNVD
EPSS
0.9%
top 24.98%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
1
EMC Isilon Onefs
Timeline
PublishedJul 4
Latest updateMay 17

Description

The log-gather implementation in the web administration interface in EMC Isilon OneFS 6.5.x.x through 7.1.1.x before 7.1.1.5 and 7.2.0.x before 7.2.0.2 allows remote authenticated users to execute arbitrary commands with root privileges via unspecified vectors.

CVSS vector

AV:N/AC:L/C:C/I:C/A:CExploitability: 8.0 | Impact: 10.0

Affected Packages1 packages

NVDemc/isilon_onefs7.1.1.0+6

🔴Vulnerability Details

2
GHSA
GHSA-26p7-g5hj-f2q3: The log-gather implementation in the web administration interface in EMC Isilon OneFS 62022-05-17
CVEList
CVE-2015-4525: The log-gather implementation in the web administration interface in EMC Isilon OneFS 62015-07-04
CVE-2015-4525 — Command Injection in EMC Isilon Onefs | cvebase